Windows Analysis Report
quTbWcnSay.exe

Overview

General Information

Sample name: quTbWcnSay.exe
renamed because original name is a hash value
Original sample name: 7332fbc6fd5023cc26cd2e7414e8c40312783cc39b40815b91b7618b1d4c49b2.exe
Analysis ID: 1387592
MD5: 52c24e7a6a10f1418ead6e5541a2b443
SHA1: 105b34e6ccd98cad51e88cb0b06e695caaff45bd
SHA256: 7332fbc6fd5023cc26cd2e7414e8c40312783cc39b40815b91b7618b1d4c49b2
Tags: AdwareGenericexe
Infos:

Detection

Score: 42
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus detection for URL or domain
Antivirus detection for dropped file
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Contains functionality to register a low level keyboard hook
Installs a global event hook (focus changed)
Machine Learning detection for sample
Adds / modifies Windows certificates
Binary contains a suspicious time stamp
Contains functionality for execution timing, often used to detect debuggers
Contains functionality for read data from the clipboard
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Contains functionality to launch a process as a different user
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the PEB
Contains functionality to shutdown / reboot the system
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Detected potential crypto function
Dropped file seen in connection with other malware
Drops PE files
Drops PE files to the windows directory (C:\Windows)
Drops certificate files (DER)
Drops files with a non-matching file extension (content does not match file extension)
Found dropped PE file which has not been started or loaded
Found evasive API chain (date check)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
PE file contains an invalid checksum
PE file contains executable resources (Code or Archives)
PE file contains more sections than normal
PE file contains sections with non-standard names
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Sigma detected: Suspicious Process Patterns NTDS.DIT Exfil
Stores large binary data to the registry
Tries to load missing DLLs
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Very long cmdline option found, this is very uncommon (may be encrypted or packed)

Classification

  • System is w10x64
  • quTbWcnSay.exe (PID: 7288 cmdline: C:\Users\user\Desktop\quTbWcnSay.exe MD5: 52C24E7A6A10F1418EAD6E5541A2B443)
    • quTbWcnSay.tmp (PID: 7308 cmdline: "C:\Users\user\AppData\Local\Temp\is-G41TD.tmp\quTbWcnSay.tmp" /SL5="$20458,832512,832512,C:\Users\user\Desktop\quTbWcnSay.exe" MD5: 160981DD3A860558906CAA34B3508ECC)
      • setup.exe (PID: 7404 cmdline: C:\Users\user\AppData\Local\Temp\is-9A6TD.tmp\setup.exe MD5: EEF52E934EAB9C6525F0161255235FEF)
        • set_0.exe (PID: 7664 cmdline: "C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exe" --silent --allusers=0 MD5: CFCF91EF96623A139475B53B686229DC)
          • set_0.exe (PID: 7684 cmdline: C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=106.0.4998.74 --initial-client-data=0x398,0x39c,0x3a0,0x374,0x3a4,0x6c5ae5e8,0x6c5ae5f4,0x6c5ae600 MD5: CFCF91EF96623A139475B53B686229DC)
          • set_0.exe (PID: 7768 cmdline: "C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\set_0.exe" --version MD5: CFCF91EF96623A139475B53B686229DC)
          • set_0.exe (PID: 7796 cmdline: "C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exe" --backend --install --import-browser-data=0 --enable-stats=1 --enable-installer-stats=1 --consent-given=0 --general-interests=0 --general-location=0 --personalized-content=0 --personalized-ads=0 --launchopera=1 --installfolder="C:\Users\user\AppData\Local\Programs\Opera GX" --profile-folder --language=en-GB --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=1 --pintotaskbar=1 --pintostartmenu=1 --run-at-startup=1 --server-tracking-data=server_tracking_data --initial-pid=7664 --package-dir-prefix="C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_20240206153514" --session-guid=75a53667-4b95-44a9-92ea-4bfb86fd3244 --server-tracking-blob=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 --silent --desktopshortcut=1 --wait-for-package --initial-proc-handle=0806000000000000 MD5: CFCF91EF96623A139475B53B686229DC)
            • set_0.exe (PID: 7828 cmdline: C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=106.0.4998.74 --initial-client-data=0x388,0x38c,0x390,0x364,0x394,0x6ba1e5e8,0x6ba1e5f4,0x6ba1e600 MD5: CFCF91EF96623A139475B53B686229DC)
            • installer.exe (PID: 6648 cmdline: "C:\Users\user\AppData\Local\Programs\Opera GX\106.0.4998.74\installer.exe" --backend --initial-pid=7664 --install --import-browser-data=0 --enable-stats=1 --enable-installer-stats=1 --consent-given=0 --general-interests=0 --general-location=0 --personalized-content=0 --personalized-ads=0 --launchopera=1 --installfolder="C:\Users\user\AppData\Local\Programs\Opera GX" --profile-folder --language=en-GB --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=1 --pintotaskbar=1 --pintostartmenu=1 --run-at-startup=1 --server-tracking-data=server_tracking_data --package-dir="C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202402061535141" --session-guid=75a53667-4b95-44a9-92ea-4bfb86fd3244 --server-tracking-blob=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 --silent --desktopshortcut=1 --install-subfolder=106.0.4998.74 MD5: 38CA4FA9A427D35D0F3229E784ABACD8)
              • installer.exe (PID: 7280 cmdline: "C:\Users\user\AppData\Local\Programs\Opera GX\106.0.4998.74\installer.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win64 --annotation=prod=OperaDesktopGX --annotation=ver=106.0.4998.74 --initial-client-data=0x2c8,0x2cc,0x2d0,0x2a4,0x2d4,0x7ffdfb94a5b0,0x7ffdfb94a5bc,0x7ffdfb94a5c8 MD5: 38CA4FA9A427D35D0F3229E784ABACD8)
              • explorer.exe (PID: 2580 cmdline: C:\Windows\Explorer.EXE MD5: 662F4F92FDE3557E86D110526BB578D5)
              • jyKJvjQuuEeSXFxWJ.exe (PID: 4500 cmdline: "C:\Program Files (x86)\UxybGYXaoQEUBfehUKyZMhhAIotVFAaIZmPWNYOBmpJQgyK\jyKJvjQuuEeSXFxWJ.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
              • jyKJvjQuuEeSXFxWJ.exe (PID: 5228 cmdline: "C:\Program Files (x86)\UxybGYXaoQEUBfehUKyZMhhAIotVFAaIZmPWNYOBmpJQgyK\jyKJvjQuuEeSXFxWJ.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
              • jyKJvjQuuEeSXFxWJ.exe (PID: 1060 cmdline: "C:\Program Files (x86)\UxybGYXaoQEUBfehUKyZMhhAIotVFAaIZmPWNYOBmpJQgyK\jyKJvjQuuEeSXFxWJ.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
              • jyKJvjQuuEeSXFxWJ.exe (PID: 5780 cmdline: "C:\Program Files (x86)\UxybGYXaoQEUBfehUKyZMhhAIotVFAaIZmPWNYOBmpJQgyK\jyKJvjQuuEeSXFxWJ.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
              • jyKJvjQuuEeSXFxWJ.exe (PID: 2336 cmdline: "C:\Program Files (x86)\UxybGYXaoQEUBfehUKyZMhhAIotVFAaIZmPWNYOBmpJQgyK\jyKJvjQuuEeSXFxWJ.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
              • jyKJvjQuuEeSXFxWJ.exe (PID: 5440 cmdline: "C:\Program Files (x86)\UxybGYXaoQEUBfehUKyZMhhAIotVFAaIZmPWNYOBmpJQgyK\jyKJvjQuuEeSXFxWJ.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
              • jyKJvjQuuEeSXFxWJ.exe (PID: 2944 cmdline: "C:\Program Files (x86)\UxybGYXaoQEUBfehUKyZMhhAIotVFAaIZmPWNYOBmpJQgyK\jyKJvjQuuEeSXFxWJ.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
              • jyKJvjQuuEeSXFxWJ.exe (PID: 5436 cmdline: "C:\Program Files (x86)\UxybGYXaoQEUBfehUKyZMhhAIotVFAaIZmPWNYOBmpJQgyK\jyKJvjQuuEeSXFxWJ.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
              • jyKJvjQuuEeSXFxWJ.exe (PID: 4488 cmdline: "C:\Program Files (x86)\UxybGYXaoQEUBfehUKyZMhhAIotVFAaIZmPWNYOBmpJQgyK\jyKJvjQuuEeSXFxWJ.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
              • jyKJvjQuuEeSXFxWJ.exe (PID: 4900 cmdline: "C:\Program Files (x86)\UxybGYXaoQEUBfehUKyZMhhAIotVFAaIZmPWNYOBmpJQgyK\jyKJvjQuuEeSXFxWJ.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
              • jyKJvjQuuEeSXFxWJ.exe (PID: 1420 cmdline: "C:\Program Files (x86)\UxybGYXaoQEUBfehUKyZMhhAIotVFAaIZmPWNYOBmpJQgyK\jyKJvjQuuEeSXFxWJ.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
              • jyKJvjQuuEeSXFxWJ.exe (PID: 480 cmdline: "C:\Program Files (x86)\UxybGYXaoQEUBfehUKyZMhhAIotVFAaIZmPWNYOBmpJQgyK\jyKJvjQuuEeSXFxWJ.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
              • jyKJvjQuuEeSXFxWJ.exe (PID: 2108 cmdline: "C:\Program Files (x86)\UxybGYXaoQEUBfehUKyZMhhAIotVFAaIZmPWNYOBmpJQgyK\jyKJvjQuuEeSXFxWJ.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
              • jyKJvjQuuEeSXFxWJ.exe (PID: 2764 cmdline: "C:\Program Files (x86)\UxybGYXaoQEUBfehUKyZMhhAIotVFAaIZmPWNYOBmpJQgyK\jyKJvjQuuEeSXFxWJ.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
              • jyKJvjQuuEeSXFxWJ.exe (PID: 1544 cmdline: "C:\Program Files (x86)\UxybGYXaoQEUBfehUKyZMhhAIotVFAaIZmPWNYOBmpJQgyK\jyKJvjQuuEeSXFxWJ.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
              • jyKJvjQuuEeSXFxWJ.exe (PID: 4940 cmdline: "C:\Program Files (x86)\UxybGYXaoQEUBfehUKyZMhhAIotVFAaIZmPWNYOBmpJQgyK\jyKJvjQuuEeSXFxWJ.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
              • launcher.exe (PID: 7912 cmdline: "C:\Users\user\AppData\Local\Programs\Opera GX\launcher.exe" --start-maximized MD5: C76F1E24C27D10347C3851ED2B7767C4)
              • jyKJvjQuuEeSXFxWJ.exe (PID: 4544 cmdline: "C:\Program Files (x86)\UxybGYXaoQEUBfehUKyZMhhAIotVFAaIZmPWNYOBmpJQgyK\jyKJvjQuuEeSXFxWJ.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
          • Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe (PID: 8060 cmdline: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202402061535141\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe MD5: E9A2209B61F4BE34F25069A6E54AFFEA)
          • assistant_installer.exe (PID: 8096 cmdline: "C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202402061535141\assistant\assistant_installer.exe" --version MD5: 4C8FBED0044DA34AD25F781C3D117A66)
            • assistant_installer.exe (PID: 8112 cmdline: "C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202402061535141\assistant\assistant_installer.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=73.0.3856.382 --initial-client-data=0x334,0x338,0x33c,0x310,0x340,0xf14f48,0xf14f58,0xf14f64 MD5: 4C8FBED0044DA34AD25F781C3D117A66)
  • launcher.exe (PID: 1272 cmdline: "C:\Users\user\AppData\Local\Programs\Opera GX\launcher.exe" --scheduledautoupdate 0 MD5: C76F1E24C27D10347C3851ED2B7767C4)
    • installer.exe (PID: 3168 cmdline: "C:\Users\user\AppData\Local\Temp\.opera\BDDCE5348F09\installer.exe" --version MD5: 38CA4FA9A427D35D0F3229E784ABACD8)
  • cleanup
No configs have been found
No yara matches
Source: Process started, Author: Florian Roth (Nextron Systems), Data: Command: "C:\Users\user\AppData\Local\Temp\is-G41TD.tmp\quTbWcnSay.tmp" /SL5="$20458,832512,832512,C:\Users\user\Desktop\quTbWcnSay.exe" , CommandLine: "C:\Users\user\AppData\Local\Temp\is-G41TD.tmp\quTbWcnSay.tmp" /SL5="$20458,832512,832512,C:\Users\user\Desktop\quTbWcnSay.exe" , CommandLine|base64offset|contains: , Image: C:\Users\user\AppData\Local\Temp\is-G41TD.tmp\quTbWcnSay.tmp, NewProcessName: C:\Users\user\AppData\Local\Temp\is-G41TD.tmp\quTbWcnSay.tmp, OriginalFileName: C:\Users\user\AppData\Local\Temp\is-G41TD.tmp\quTbWcnSay.tmp, ParentCommandLine: C:\Users\user\Desktop\quTbWcnSay.exe, ParentImage: C:\Users\user\Desktop\quTbWcnSay.exe, ParentProcessId: 7288, ParentProcessName: quTbWcnSay.exe, ProcessCommandLine: "C:\Users\user\AppData\Local\Temp\is-G41TD.tmp\quTbWcnSay.tmp" /SL5="$20458,832512,832512,C:\Users\user\Desktop\quTbWcnSay.exe" , ProcessId: 7308, ProcessName: quTbWcnSay.tmp
No Snort rule has matched

AV Detection

Source: http://sto.farmscene.website/track_polos.php?tim=1707230103&rcc=US&c=2577&p=0.95, Avira URL Cloud: Label: malware
Source: http://sto.farmscene.website/track_inl2.php?tim=1707230103&poid=2577&p=1.25Inno, Avira URL Cloud: Label: malware
Source: http://sto.farmscene.website/track_polos.php?tim=1707230103&rcc=US&c=2577&p=0.95http://eventquill.on, Avira URL Cloud: Label: malware
Source: http://sto.farmscene.website/track_inl2.php?tim=1707230103&poid=2577&p=1.25, Avira URL Cloud: Label: malware
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\installer[1].exe, Avira: detection malicious, Label: TR/Redcap.eotnr
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\installer[1].exe, ReversingLabs: Detection: 79%
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\installer[1].exe, Virustotal: Detection: 67%
Source: quTbWcnSay.exe, ReversingLabs: Detection: 26%
Source: quTbWcnSay.exe, Virustotal: Detection: 23%
Source: quTbWcnSay.exe, Joe Sandbox ML: detected
Source: Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000B.00000003.2080708697.000000000347D000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: -----BEGIN PUBLIC KEY-----memstr_49e99a5e-9
Source: quTbWcnSay.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
Source: C:\Users\user\AppData\Local\Temp\is-9A6TD.tmp\setup.exeWindow detected: &Next >CancelAdvanced System Repair Pro 2002 Portable Optimization SCloudWS.exe Advanced System Repair Pro 2002 Portable Optimization SCloudWS.exeLicense AgreementPlease review the license terms before installing Advanced System Repair Pro 2002 Portable Optimization SCloudWS.exe.Press Page Down to see the rest of the agreement.Welcome this is an important message and license agreement so please read all below carefully. Advanced System Repair Pro 2002 Portable Optimization SCloudWS.exe is financed by advertisement. By clicking Accept you will continue with the installation of Advanced System Repair Pro 2002 Portable Optimization SCloudWS.exe and the offers listed below.Get an unparalleled gaming and browsing experience on mobile and desktop with OperaGX. Set limits on CPU RAM and Network usage use Discord & Twitch from the sidebar and connect mobile and desktop browsers with the file-sharing Flow feature. By clicking "Accept" I agree to the EULA <https://legal.opera.com/eula/computers/> Privacy Policy <https://legal.opera.com/privacy/> and consent to install.Browser is fast and secure web browser which does not collect your usage data.By clicking "Accept" I agree to the EULA <https://www.inlogbrowser.com/eula.txt> Privacy Policy <https://www.inlogbrowser.com/pp.txt> and consent to install Inlog Browser. This program can be removed at anytime in Windows Add/Remove Programs.your PC run like its brand new! Install Windows Manager the best utility for windows! Accept the EULA <https://advancedmanager.io/eula> and Privacy Policy <https://advancedmanager.io/privacy-policy> by pressing "Agree". A proxy service to protect your privacy. Accept the EULA <https://www.termsfeed.com/live/4bb495ca-d123-4f4d-a727-e9c4d0f3fabe> by pressing "Agree". 
Y-Cleaner is fast and easy way to clean and keep your PC optimized.By clicking "Accept" I agree to the EULA <https://y-cleaner.com/eula.php > and consent to install.tracker - An intuitive health monitoring application that seamlessly tracks analyzes and gives insights about your daily health metrics. Accept the EULA <https://doc-hosting.flycricket.io/health-tracker-privacy-policy/e1662a21-b082-4dae-bcb0-3abd33859f1c/privacy> and install by pressing "Next". If you accept the terms of the agreement click I Agree to continue. You must accept the agreement to install Advanced System Repair Pro 2002 Portable Optimization SCloudWS.exe.
Source: C:\Users\user\AppData\Local\Programs\Opera GX\106.0.4998.74\installer.exe, Registry value created: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Opera GX 106.0.4998.74
Source: C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exe, File created: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer\opera_installer_20240206153513538.log
Source: C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exe, File created: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer\opera_installer_20240206153515017.log
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202402061535141\assistant\assistant_installer.exe, File created: C:\Users\user\AppData\Local\Temp\assistant_installer_20240206153537.log
Source: C:\Users\user\AppData\Local\Programs\Opera GX\106.0.4998.74\installer.exe, File created: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer\opera_installer_20240206153613326.log
Source: quTbWcnSay.exe, Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: Binary string: assistant_installer.exe.pdb source: Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000B.00000003.2080708697.000000000347D000.00000004.00000020.00020000.00000000.sdmp, assistant_installer.exe, 0000000C.00000002.2085440415.0000000000EF5000.00000002.00000001.01000000.00000014.sdmp, assistant_installer.exe, 0000000C.00000000.2082501798.0000000000EF5000.00000002.00000001.01000000.00000014.sdmp, assistant_installer.exe, 0000000D.00000000.2083663959.0000000000EF5000.00000002.00000001.01000000.00000014.sdmp, assistant_installer.exe, 0000000D.00000002.2086375048.0000000000EF5000.00000002.00000001.01000000.00000014.sdmp
Source: Binary string: c:\srv\slave\workdir\repos\opera\chromium\src\out\Release\installer.exe.pdb source: set_0.exe, set_0.exe, 00000008.00000002.2707253029.0000000000651000.00000040.00000001.01000000.0000000C.sdmp, installer.exe, 0000000E.00000000.2434562541.00007FF6FAF81000.00000002.00000001.01000000.00000015.sdmp, installer.exe, 0000000E.00000002.2671316945.00007FF6FAF81000.00000002.00000001.01000000.00000015.sdmp, installer.exe, 0000000F.00000002.2703850860.00007FF6FAF81000.00000002.00000001.01000000.00000015.sdmp, installer.exe, 0000000F.00000000.2439225002.00007FF6FAF81000.00000002.00000001.01000000.00000015.sdmp, installer.exe, 00000028.00000002.2608443840.00007FF7F24B1000.00000002.00000001.01000000.0000001B.sdmp, installer.exe, 00000028.00000000.2548735956.00007FF7F24B1000.00000002.00000001.01000000.0000001B.sdmp
Source: Binary string: browser_assistant.exe.pdb source: Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000B.00000003.2080708697.0000000003751000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: jyKJvjQuuEeSXFxWJ.exe, 00000013.00000000.2483862376.00000000001CE000.00000002.00000001.01000000.00000019.sdmp, jyKJvjQuuEeSXFxWJ.exe, 00000014.00000000.2485670854.00000000001CE000.00000002.00000001.01000000.00000019.sdmp, jyKJvjQuuEeSXFxWJ.exe, 00000015.00000002.2888716675.00000000001CE000.00000002.00000001.01000000.00000019.sdmp, jyKJvjQuuEeSXFxWJ.exe, 00000016.00000002.2886810654.00000000001CE000.00000002.00000001.01000000.00000019.sdmp, jyKJvjQuuEeSXFxWJ.exe, 00000017.00000000.2489723023.00000000001CE000.00000002.00000001.01000000.00000019.sdmp, jyKJvjQuuEeSXFxWJ.exe, 00000019.00000002.2889213969.00000000001CE000.00000002.00000001.01000000.00000019.sdmp, jyKJvjQuuEeSXFxWJ.exe, 0000001A.00000002.2888060387.00000000001CE000.00000002.00000001.01000000.00000019.sdmp, jyKJvjQuuEeSXFxWJ.exe, 0000001B.00000002.2887166190.00000000001CE000.00000002.00000001.01000000.00000019.sdmp, jyKJvjQuuEeSXFxWJ.exe, 0000001C.00000000.2508513507.00000000001CE000.00000002.00000001.01000000.00000019.sdmp, jyKJvjQuuEeSXFxWJ.exe, 0000001D.00000000.2514339988.00000000001CE000.00000002.00000001.01000000.00000019.sdmp, jyKJvjQuuEeSXFxWJ.exe, 0000001E.00000000.2521152904.00000000001CE000.00000002.00000001.01000000.00000019.sdmp, jyKJvjQuuEeSXFxWJ.exe, 0000001F.00000000.2524673543.00000000001CE000.00000002.00000001.01000000.00000019.sdmp, jyKJvjQuuEeSXFxWJ.exe, 00000020.00000000.2526989449.00000000001CE000.00000002.00000001.01000000.00000019.sdmp, jyKJvjQuuEeSXFxWJ.exe, 00000021.00000000.2529094326.00000000001CE000.00000002.00000001.01000000.00000019.sdmp, jyKJvjQuuEeSXFxWJ.exe, 00000022.00000002.2887687228.00000000001CE000.00000002.00000001.01000000.00000019.sdmp, jyKJvjQuuEeSXFxWJ.exe, 00000025.00000000.2541216607.00000000001CE000.00000002.00000001.01000000.00000019.sdmp, jyKJvjQuuEeSXFxWJ.exe, 00000027.00000000.2544650787.00000000001CE000.00000002.00000001.01000000.00000019.sdmp
Source: Binary string: mojo_core.dll.pdb source: Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000B.00000003.2080708697.0000000003751000.00000004.00000020.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000B.00000003.2081307134.0000000003D70000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: ller_lib.dll.pdb source: set_0.exe, 00000004.00000000.1839051703.000000000088C000.00000080.00000001.01000000.0000000C.sdmp, set_0.exe, 00000005.00000000.1841922680.000000000088C000.00000080.00000001.01000000.0000000C.sdmp, set_0.exe, 00000006.00000000.1846415856.000000000078C000.00000080.00000001.01000000.0000000F.sdmp, set_0.exe, 00000007.00000000.1851965103.000000000088C000.00000080.00000001.01000000.0000000C.sdmp, set_0.exe, 00000008.00000000.1855739405.000000000088C000.00000080.00000001.01000000.0000000C.sdmp
Source: Binary string: .exe.pdb source: set_0.exe, 00000004.00000000.1839051703.000000000088C000.00000080.00000001.01000000.0000000C.sdmp, set_0.exe, 00000005.00000000.1841922680.000000000088C000.00000080.00000001.01000000.0000000C.sdmp, set_0.exe, 00000006.00000000.1846415856.000000000078C000.00000080.00000001.01000000.0000000F.sdmp, set_0.exe, 00000007.00000000.1851965103.000000000088C000.00000080.00000001.01000000.0000000C.sdmp, set_0.exe, 00000008.00000000.1855739405.000000000088C000.00000080.00000001.01000000.0000000C.sdmp
Source: Binary string: c:\srv\slave\workdir\repos\opera\chromium\src\out\Release\launcher.exe.pdb source: installer.exe, 0000000E.00000003.2446149285.000002C973191000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000023.00000002.2850858789.00007FF64AD33000.00000002.00000001.01000000.0000001A.sdmp, launcher.exe, 00000023.00000000.2537172061.00007FF64AD33000.00000002.00000001.01000000.0000001A.sdmp, launcher.exe, 00000026.00000002.2661332331.00007FF64AD33000.00000002.00000001.01000000.0000001A.sdmp, launcher.exe, 00000026.00000000.2544576973.00007FF64AD33000.00000002.00000001.01000000.0000001A.sdmp
Source: Binary string: browser_assistant.exe.pdbe source: Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000B.00000003.2080708697.0000000003751000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: c:\srv\slave\workdir\repos\opera\chromium\src\out\Release\installer_lib.dll.pdb source: set_0.exe, set_0.exe, 00000004.00000002.2702734129.00000000006CB000.00000040.00000001.01000000.0000000C.sdmp, set_0.exe, 00000005.00000002.2711059391.00000000006CB000.00000040.00000001.01000000.0000000C.sdmp, set_0.exe, 00000006.00000002.1849878966.00000000005CB000.00000040.00000001.01000000.0000000F.sdmp, set_0.exe, 00000007.00000002.2677961973.00000000006CB000.00000040.00000001.01000000.0000000C.sdmp, set_0.exe, 00000008.00000002.2707253029.00000000006CB000.00000040.00000001.01000000.0000000C.sdmp, installer.exe, 0000000E.00000002.2671425164.00007FF6FAFA7000.00000002.00000001.01000000.00000015.sdmp, installer.exe, 0000000F.00000002.2704055669.00007FF6FAFA7000.00000002.00000001.01000000.00000015.sdmp, installer.exe, 00000028.00000000.2549062400.00007FF7F24D7000.00000002.00000001.01000000.0000001B.sdmp
Source: Binary string: assistant_installer.exe.pdb@ source: Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000B.00000003.2080708697.000000000347D000.00000004.00000020.00020000.00000000.sdmp, assistant_installer.exe, 0000000C.00000002.2085440415.0000000000EF5000.00000002.00000001.01000000.00000014.sdmp, assistant_installer.exe, 0000000C.00000000.2082501798.0000000000EF5000.00000002.00000001.01000000.00000014.sdmp, assistant_installer.exe, 0000000D.00000000.2083663959.0000000000EF5000.00000002.00000001.01000000.00000014.sdmp, assistant_installer.exe, 0000000D.00000002.2086375048.0000000000EF5000.00000002.00000001.01000000.00000014.sdmp
Source: C:\Users\user\AppData\Local\Temp\is-9A6TD.tmp\setup.exe, Code function: 2_2_00405D07 FindFirstFileA,FindClose,2_2_00405D07
Source: C:\Users\user\AppData\Local\Temp\is-9A6TD.tmp\setup.exe, Code function: 2_2_00405331 DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA,2_2_00405331
Source: C:\Users\user\AppData\Local\Temp\is-9A6TD.tmp\setup.exe, Code function: 2_2_0040263E FindFirstFileA,2_2_0040263E
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202402061535141\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, Code function: 11_2_004033B3 GetFileAttributesW,SetLastError,FindFirstFileW,FindClose,CompareFileTime,11_2_004033B3
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202402061535141\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, Code function: 11_2_00402F12 FindFirstFileW,SetFileAttributesW,lstrcmpW,lstrcmpW,SetFileAttributesW,DeleteFileW,FindNextFileW,FindClose,SetFileAttributesW,RemoveDirectoryW,??3@YAXPAX@Z,??3@YAXPAX@Z,11_2_00402F12
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202402061535141\assistant\assistant_installer.exe, Code function: 12_2_00DC9120 PathMatchSpecW,FindNextFileW,FindClose,FindFirstFileExW,GetLastError,GetFileAttributesW,12_2_00DC9120
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202402061535141\assistant\assistant_installer.exe, Code function: 12_2_00E59AE2 FindFirstFileExW,12_2_00E59AE2
Source: C:\Users\user\AppData\Local\Temp\is-9A6TD.tmp\setup.exe, File opened: C:\Users\user
Source: C:\Users\user\AppData\Local\Temp\is-9A6TD.tmp\setup.exe, File opened: C:\Users\user\Documents\desktop.ini
Source: C:\Users\user\AppData\Local\Temp\is-9A6TD.tmp\setup.exe, File opened: C:\Users\user\AppData
Source: C:\Users\user\AppData\Local\Temp\is-9A6TD.tmp\setup.exe, File opened: C:\Users\user\AppData\Local\Temp
Source: C:\Users\user\AppData\Local\Temp\is-9A6TD.tmp\setup.exe, File opened: C:\Users\user\Desktop\desktop.ini
Source: C:\Users\user\AppData\Local\Temp\is-9A6TD.tmp\setup.exe, File opened: C:\Users\user\AppData\Local
Source: Joe Sandbox View, IP Address: 159.223.29.40 159.223.29.40
Source: Joe Sandbox View, IP Address: 172.67.152.108 172.67.152.108
Source: installer.exe, 0000000E.00000003.2507259487.000073F800804000.00000004.00001000.00020000.00000000.sdmp, String found in binary or memory: "favicon_url": "https://www.rambler.ru/favicon.ico", equals www.rambler.ru (Rambler)
Source: installer.exe, 0000000E.00000003.2507259487.000073F800804000.00000004.00001000.00020000.00000000.sdmp, String found in binary or memory: "favicon_url": "https://www.yahoo.co.jp/favicon.ico", equals www.yahoo.com (Yahoo)
Source: installer.exe, 00000028.00000000.2549062400.00007FF7F24D7000.00000002.00000001.01000000.0000001B.sdmp, String found in binary or memory: c. Facebook Messenger: A messaging service provided by Facebook, Inc., Meta Platforms Ireland Ltd. or related companies, depending on where you are accessing their services. Terms of use are available at https://www.facebook.com/legal/terms; and equals www.facebook.com (Facebook)
Source: installer.exe, 0000000E.00000003.2523621023.000073F800350000.00000004.00001000.00020000.00000000.sdmp, String found in binary or memory: 5 @www.yahoo.co.jp/favicon.ico equals www.yahoo.com (Yahoo)
Source: installer.exe, 0000000E.00000003.2523621023.000073F800350000.00000004.00001000.00020000.00000000.sdmp, String found in binary or memory: 5 @www.yahoo.co.jp/favicon.icos equals www.yahoo.com (Yahoo)
Source: set_0.exe, String found in binary or memory: hatsapp.com/legal; and c. Facebook Messenger: A messaging service provided by Facebook, Inc., Meta Platforms Ireland Ltd. or related companies, depending on where you are accessing their services. Terms of use are available at https://www.facebook.com/l equals www.facebook.com (Facebook)
Source: installer.exe, 0000000E.00000002.2670721491.000073F800248000.00000004.00001000.00020000.00000000.sdmp, String found in binary or memory: www.rambler.ru/favicon.ico equals www.rambler.ru (Rambler)
Source: installer.exe, 0000000E.00000002.2670721491.000073F800248000.00000004.00001000.00020000.00000000.sdmp, String found in binary or memory: www.rambler.ru/favicon.icos equals www.rambler.ru (Rambler)
Source: set_0.exe, String found in binary or memory: http://autoupdate-staging.services.ams.osa/
Source: set_0.exe, 00000004.00000002.2702734129.00000000006CB000.00000040.00000001.01000000.0000000C.sdmp, set_0.exe, 00000005.00000002.2711059391.00000000006CB000.00000040.00000001.01000000.0000000C.sdmp, set_0.exe, 00000006.00000002.1849878966.00000000005CB000.00000040.00000001.01000000.0000000F.sdmp, set_0.exe, 00000007.00000002.2677961973.00000000006CB000.00000040.00000001.01000000.0000000C.sdmp, set_0.exe, 00000008.00000002.2707253029.00000000006CB000.00000040.00000001.01000000.0000000C.sdmp, installer.exe, 0000000E.00000002.2671425164.00007FF6FAFA7000.00000002.00000001.01000000.00000015.sdmp, installer.exe, 0000000F.00000002.2704055669.00007FF6FAFA7000.00000002.00000001.01000000.00000015.sdmp, installer.exe, 00000028.00000000.2549062400.00007FF7F24D7000.00000002.00000001.01000000.0000001B.sdmpString found in binary or memory: http://autoupdate-staging.services.ams.osa/v4/v5/netinstaller///windows/x64v2/Fetching
Source: setup.exe, 00000002.00000002.2895127853.000000000057E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://eventquill.online/das.php?fz=&d=nsis&msg=&r=offer_execution&rk=yes&o=1662&a=2577&dn=420&spot=
Source: setup.exe, 00000002.00000002.2889230780.0000000000409000.00000004.00000001.01000000.00000007.sdmpString found in binary or memory: http://eventquill.online/das.php?fz=&d=nsis&msg=&r=offer_execution&rk=yes&o=1670&a=2577&dn=434&spot=
Source: setup.exe, 00000002.00000002.2889230780.0000000000409000.00000004.00000001.01000000.00000007.sdmpString found in binary or memory: http://eventquill.online/das.php?fz=&d=nsis&msg=&r=offer_execution&rk=yes&o=1675&a=2577&dn=441&spot=
Source: setup.exe, 00000002.00000002.2889230780.0000000000409000.00000004.00000001.01000000.00000007.sdmpString found in binary or memory: http://eventquill.online/das.php?fz=&d=nsis&msg=&r=offer_execution&rk=yes&o=331&a=2577&dn=244&spot=3
Source: setup.exe, 00000002.00000002.2895127853.000000000057E000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000002.00000002.2889230780.0000000000409000.00000004.00000001.01000000.00000007.sdmpString found in binary or memory: http://eventquill.online/das.php?fz=&d=nsis&msg=&r=offer_execution_fail&rk=no&o=1627&a=2577&dn=286&s
Source: setup.exe, 00000002.00000002.2895127853.000000000057E000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000002.00000002.2889230780.0000000000409000.00000004.00000001.01000000.00000007.sdmpString found in binary or memory: http://eventquill.online/das.php?fz=&d=nsis&msg=&r=offer_execution_fail&rk=no&o=1661&a=2577&dn=419&s
Source: setup.exe, 00000002.00000002.2895127853.000000000057E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://eventquill.online/das.php?fz=&d=nsis&msg=&r=offer_execution_fail&rk=no&o=1662&a=2577&dn=420&s
Source: setup.exe, 00000002.00000002.2895127853.000000000057E000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000002.00000002.2889230780.0000000000409000.00000004.00000001.01000000.00000007.sdmpString found in binary or memory: http://eventquill.online/das.php?fz=&d=nsis&msg=&r=offer_execution_fail&rk=no&o=1670&a=2577&dn=434&s
Source: setup.exe, 00000002.00000002.2895127853.000000000057E000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000002.00000002.2889230780.0000000000409000.00000004.00000001.01000000.00000007.sdmpString found in binary or memory: http://eventquill.online/das.php?fz=&d=nsis&msg=&r=offer_execution_fail&rk=no&o=1675&a=2577&dn=441&s
Source: setup.exe, 00000002.00000002.2895127853.000000000057E000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000002.00000002.2889230780.0000000000409000.00000004.00000001.01000000.00000007.sdmpString found in binary or memory: http://eventquill.online/das.php?fz=&d=nsis&msg=&r=offer_execution_fail&rk=no&o=331&a=2577&dn=244&sp
Source: setup.exe, 00000002.00000002.2895127853.000000000057E000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000002.00000002.2889230780.0000000000409000.00000004.00000001.01000000.00000007.sdmpString found in binary or memory: http://eventquill.online/das.php?fz=&d=nsis&msg=&r=offer_exists&rk=no&o=1627&a=2577&dn=286&spot=2&t=
Source: setup.exe, 00000002.00000002.2895127853.000000000057E000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000002.00000002.2889230780.0000000000409000.00000004.00000001.01000000.00000007.sdmpString found in binary or memory: http://eventquill.online/das.php?fz=&d=nsis&msg=&r=offer_exists&rk=no&o=1661&a=2577&dn=419&spot=4&t=
Source: setup.exe, 00000002.00000002.2895127853.000000000057E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://eventquill.online/das.php?fz=&d=nsis&msg=&r=offer_exists&rk=no&o=1662&a=2577&dn=420&spot=1&t=
Source: setup.exe, 00000002.00000002.2895127853.000000000057E000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000002.00000002.2889230780.0000000000409000.00000004.00000001.01000000.00000007.sdmpString found in binary or memory: http://eventquill.online/das.php?fz=&d=nsis&msg=&r=offer_exists&rk=no&o=1670&a=2577&dn=434&spot=6&t=
Source: setup.exe, 00000002.00000002.2895127853.000000000057E000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000002.00000002.2889230780.0000000000409000.00000004.00000001.01000000.00000007.sdmpString found in binary or memory: http://eventquill.online/das.php?fz=&d=nsis&msg=&r=offer_exists&rk=no&o=1675&a=2577&dn=441&spot=5&t=
Source: setup.exe, 00000002.00000002.2895127853.000000000057E000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000002.00000002.2889230780.0000000000409000.00000004.00000001.01000000.00000007.sdmpString found in binary or memory: http://eventquill.online/das.php?fz=&d=nsis&msg=&r=offer_exists&rk=no&o=331&a=2577&dn=244&spot=3&t=1
Source: quTbWcnSay.tmp, 00000001.00000003.1709163527.00000000007D7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://guideveil.xyz/
Source: quTbWcnSay.tmp, 00000001.00000003.1709163527.00000000007D7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://guideveil.xyz/j
Source: quTbWcnSay.tmp, 00000001.00000002.2902781594.0000000000C9B000.00000004.00001000.00020000.00000000.sdmp, explorer.exe, 00000012.00000000.2464186318.00000000018A0000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000012.00000002.2900589445.00000000018A0000.00000002.00000001.00040000.00000000.sdmp, jyKJvjQuuEeSXFxWJ.exe, 00000013.00000002.2902705643.0000000001950000.00000002.00000001.00040000.00000000.sdmp, jyKJvjQuuEeSXFxWJ.exe, 00000013.00000000.2484876397.0000000001950000.00000002.00000001.00040000.00000000.sdmp, jyKJvjQuuEeSXFxWJ.exe, 00000014.00000002.2901822429.0000000000D20000.00000002.00000001.00040000.00000000.sdmp, jyKJvjQuuEeSXFxWJ.exe, 00000014.00000000.2486137187.0000000000D20000.00000002.00000001.00040000.00000000.sdmp, jyKJvjQuuEeSXFxWJ.exe, 00000015.00000000.2487608251.0000000000DA0000.00000002.00000001.00040000.00000000.sdmp, jyKJvjQuuEeSXFxWJ.exe, 00000015.00000002.2902456203.0000000000DA0000.00000002.00000001.00040000.00000000.sdmp, jyKJvjQuuEeSXFxWJ.exe, 00000016.00000002.2901651276.0000000001910000.00000002.00000001.00040000.00000000.sdmp, jyKJvjQuuEeSXFxWJ.exe, 00000016.00000000.2488977330.0000000001910000.00000002.00000001.00040000.00000000.sdmp, jyKJvjQuuEeSXFxWJ.exe, 00000017.00000000.2490966359.0000000001550000.00000002.00000001.00040000.00000000.sdmp, jyKJvjQuuEeSXFxWJ.exe, 00000017.00000002.2903333441.0000000001550000.00000002.00000001.00040000.00000000.sdmp, jyKJvjQuuEeSXFxWJ.exe, 00000019.00000000.2492178530.0000000000D60000.00000002.00000001.00040000.00000000.sdmp, jyKJvjQuuEeSXFxWJ.exe, 00000019.00000002.2904433148.0000000000D60000.00000002.00000001.00040000.00000000.sdmp, jyKJvjQuuEeSXFxWJ.exe, 0000001A.00000000.2500471656.0000000001A81000.00000002.00000001.00040000.00000000.sdmp, jyKJvjQuuEeSXFxWJ.exe, 0000001A.00000002.2901794154.0000000001A80000.00000002.00000001.00040000.00000000.sdmp, jyKJvjQuuEeSXFxWJ.exe, 0000001B.00000002.2900532811.00000000010C0000.00000002.00000001.00040000.00000000.sdmp, 
jyKJvjQuuEeSXFxWJ.exe, 0000001B.00000000.2506083316.00000000010C0000.00000002.00000001.00040000.00000000.sdmp, jyKJvjQuuEeSXFxWJ.exe, 0000001C.00000002.2901649632.0000000001800000.00000002.00000001.00040000.00000000.sdmp, jyKJvjQuuEeSXFxWJ.exe, 0000001C.00000000.2510582403.0000000001800000.00000002.00000001.00040000.00000000.sdmpString found in binary or memory: http://guideveil.xyz/pe/build.php?pe=n&sub=2577&source=3876&s1=48352771&title=QWR2YW5jZWQgU3lzdGVtIF
Source: setup.exe, 00000002.00000002.2895127853.0000000000617000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://kapetownlink.com/
Source: setup.exe, 00000002.00000002.2895127853.0000000000617000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://kapetownlink.com/.cloudwww.leestcruv.cloudI
Source: setup.exe, 00000002.00000002.2908068672.0000000002B50000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://kapetownlink.com/installer.exe
Source: setup.exe, 00000002.00000002.2908068672.0000000002B50000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://kapetownlink.com/installer.exe7
Source: setup.exe, 00000002.00000002.2908068672.0000000002B50000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://kapetownlink.com/installer.exeAppData
Source: setup.exe, 00000002.00000002.2908068672.0000000002B50000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://kapetownlink.com/installer.exebM
Source: setup.exe, 00000002.00000002.2908068672.0000000002B50000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://kapetownlink.com/installer.exexM
Source: setup.exe, 00000002.00000002.2895127853.0000000000617000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://kapetownlink.com/user
Source: set_0.exe, 00000004.00000002.2702734129.00000000006CB000.00000040.00000001.01000000.0000000C.sdmp, set_0.exe, 00000005.00000002.2711059391.00000000006CB000.00000040.00000001.01000000.0000000C.sdmp, set_0.exe, 00000006.00000002.1849878966.00000000005CB000.00000040.00000001.01000000.0000000F.sdmp, set_0.exe, 00000007.00000002.2677961973.00000000006CB000.00000040.00000001.01000000.0000000C.sdmp, set_0.exe, 00000008.00000002.2707253029.00000000006CB000.00000040.00000001.01000000.0000000C.sdmp, installer.exe, 0000000E.00000002.2671425164.00007FF6FAFA7000.00000002.00000001.01000000.00000015.sdmp, installer.exe, 0000000F.00000002.2704055669.00007FF6FAFA7000.00000002.00000001.01000000.00000015.sdmp, installer.exe, 00000028.00000000.2549062400.00007FF7F24D7000.00000002.00000001.01000000.0000001B.sdmpString found in binary or memory: http://localhost:3001api/prefs/?product=$1&version=$2..
Source: setup.exe, setup.exe, 00000002.00000002.2889230780.0000000000409000.00000004.00000001.01000000.00000007.sdmp, setup.exe, 00000002.00000000.1711024840.0000000000409000.00000008.00000001.01000000.00000007.sdmpString found in binary or memory: http://nsis.sf.net/NSIS_Error
Source: setup.exe, 00000002.00000002.2889230780.0000000000409000.00000004.00000001.01000000.00000007.sdmp, setup.exe, 00000002.00000000.1711024840.0000000000409000.00000008.00000001.01000000.00000007.sdmpString found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
Source: set_0.exe, 00000004.00000003.2052264887.00000000014DA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.
Source: setup.exe, 00000002.00000003.1837511243.0000000002B76000.00000004.00000020.00020000.00000000.sdmp, set_0.exe, 00000004.00000003.2052264887.00000000014DA000.00000004.00000020.00020000.00000000.sdmp, set_0.exe, 00000004.00000003.1844695287.0000000003CE9000.00000004.00000020.00020000.00000000.sdmp, set_0.exe, 00000004.00000002.2702734129.00000000006CB000.00000040.00000001.01000000.0000000C.sdmp, set_0.exe, 00000005.00000002.2711059391.00000000006CB000.00000040.00000001.01000000.0000000C.sdmp, set_0.exe, 00000006.00000002.1849878966.00000000005CB000.00000040.00000001.01000000.0000000F.sdmp, set_0.exe, 00000007.00000002.2677961973.00000000006CB000.00000040.00000001.01000000.0000000C.sdmp, set_0.exe, 00000008.00000002.2707253029.00000000006CB000.00000040.00000001.01000000.0000000C.sdmp, installer.exe, 0000000E.00000000.2434821592.00007FF6FB44F000.00000002.00000001.01000000.00000015.sdmp, installer.exe, 0000000E.00000003.2446149285.000002C973191000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 0000000E.00000003.2445314682.000002C9716FD000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 0000000F.00000000.2439351435.00007FF6FB44F000.00000002.00000001.01000000.00000015.sdmp, explorer.exe, 00000012.00000002.2920248221.000000000982D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000012.00000002.2914007528.00000000079FB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000012.00000000.2465864091.00000000079FB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000012.00000000.2467564612.000000000982D000.00000004.00000001.00020000.00000000.sdmp, launcher.exe, 00000023.00000003.2544538026.00000209207D3000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 00000028.00000000.2549062400.00007FF7F297F000.00000002.00000001.01000000.0000001B.sdmpString found in binary or memory: http://ocsp.digicert.com0
Source: setup.exe, 00000002.00000003.1837511243.0000000002B76000.00000004.00000020.00020000.00000000.sdmp, set_0.exe, 00000004.00000003.2056557196.000000004974C000.00000004.00001000.00020000.00000000.sdmp, set_0.exe, 00000004.00000003.2452032863.00000000014D2000.00000004.00000020.00020000.00000000.sdmp, set_0.exe, 00000004.00000003.2701526132.00000000014D7000.00000004.00000020.00020000.00000000.sdmp, set_0.exe, 00000004.00000003.2052264887.00000000014DA000.00000004.00000020.00020000.00000000.sdmp, set_0.exe, 00000004.00000002.2705900056.0000000001745000.00000004.00000020.00020000.00000000.sdmp, set_0.exe, 00000004.00000003.1844695287.0000000003CE9000.00000004.00000020.00020000.00000000.sdmp, set_0.exe, 00000004.00000003.2701396477.00000000014D2000.00000004.00000020.00020000.00000000.sdmp, set_0.exe, 00000004.00000002.2707097483.0000000004A6F000.00000004.00000020.00020000.00000000.sdmp, set_0.exe, 00000004.00000003.2056543329.000000004987C000.00000004.00001000.00020000.00000000.sdmp, set_0.exe, 00000004.00000003.2452224294.00000000014D7000.00000004.00000020.00020000.00000000.sdmp, set_0.exe, 00000004.00000002.2705176382.00000000014D8000.00000004.00000020.00020000.00000000.sdmp, set_0.exe, 00000004.00000002.2702734129.00000000006CB000.00000040.00000001.01000000.0000000C.sdmp, set_0.exe, 00000005.00000002.2711059391.00000000006CB000.00000040.00000001.01000000.0000000C.sdmp, set_0.exe, 00000006.00000002.1849878966.00000000005CB000.00000040.00000001.01000000.0000000F.sdmp, set_0.exe, 00000007.00000002.2677961973.00000000006CB000.00000040.00000001.01000000.0000000C.sdmp, set_0.exe, 00000008.00000002.2707253029.00000000006CB000.00000040.00000001.01000000.0000000C.sdmp, installer.exe, 0000000E.00000000.2434821592.00007FF6FB44F000.00000002.00000001.01000000.00000015.sdmp, installer.exe, 0000000E.00000003.2446149285.000002C973191000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 0000000E.00000003.2445314682.000002C9716FD000.00000004.00000020.00020000.00000000.sdmp, 
installer.exe, 0000000F.00000000.2439351435.00007FF6FB44F000.00000002.00000001.01000000.00000015.sdmpString found in binary or memory: http://ocsp.digicert.com0A
Source: setup.exe, 00000002.00000003.1837511243.0000000002B76000.00000004.00000020.00020000.00000000.sdmp, set_0.exe, 00000004.00000003.2701643601.00000000497B8000.00000004.00001000.00020000.00000000.sdmp, set_0.exe, 00000004.00000003.2056557196.000000004974C000.00000004.00001000.00020000.00000000.sdmp, set_0.exe, 00000004.00000003.2452032863.00000000014D2000.00000004.00000020.00020000.00000000.sdmp, set_0.exe, 00000004.00000003.2052264887.00000000014DA000.00000004.00000020.00020000.00000000.sdmp, set_0.exe, 00000004.00000002.2705900056.0000000001745000.00000004.00000020.00020000.00000000.sdmp, set_0.exe, 00000004.00000003.1844695287.0000000003CE9000.00000004.00000020.00020000.00000000.sdmp, set_0.exe, 00000004.00000003.2056543329.000000004987C000.00000004.00001000.00020000.00000000.sdmp, set_0.exe, 00000004.00000003.2702282381.000000004960C000.00000004.00001000.00020000.00000000.sdmp, set_0.exe, 00000004.00000003.2452224294.00000000014D7000.00000004.00000020.00020000.00000000.sdmp, set_0.exe, 00000004.00000002.2702734129.00000000006CB000.00000040.00000001.01000000.0000000C.sdmp, set_0.exe, 00000005.00000002.2711059391.00000000006CB000.00000040.00000001.01000000.0000000C.sdmp, set_0.exe, 00000006.00000002.1849878966.00000000005CB000.00000040.00000001.01000000.0000000F.sdmp, set_0.exe, 00000007.00000002.2677961973.00000000006CB000.00000040.00000001.01000000.0000000C.sdmp, set_0.exe, 00000008.00000002.2707253029.00000000006CB000.00000040.00000001.01000000.0000000C.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000B.00000003.2080708697.0000000003751000.00000004.00000020.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000B.00000003.2080708697.000000000347D000.00000004.00000020.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000B.00000003.2081307134.0000000003D70000.00000004.00001000.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 
0000000B.00000003.2081092653.0000000000670000.00000004.00001000.00020000.00000000.sdmp, installer.exe, 0000000E.00000000.2434821592.00007FF6FB44F000.00000002.00000001.01000000.00000015.sdmp, installer.exe, 0000000E.00000003.2446149285.000002C973191000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0C
Source: Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000B.00000003.2080708697.0000000003751000.00000004.00000020.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000B.00000003.2080708697.000000000347D000.00000004.00000020.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000B.00000003.2081307134.0000000003D70000.00000004.00001000.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000B.00000003.2081092653.0000000000670000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0H
Source: set_0.exe, 00000004.00000002.2707097483.0000000004A44000.00000004.00000020.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000B.00000003.2080708697.0000000003751000.00000004.00000020.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000B.00000003.2080708697.000000000347D000.00000004.00000020.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000B.00000003.2081307134.0000000003D70000.00000004.00001000.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000B.00000003.2081092653.0000000000670000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0I
Source: set_0.exe, 00000004.00000003.2701643601.00000000497B8000.00000004.00001000.00020000.00000000.sdmp, set_0.exe, 00000004.00000002.2705900056.0000000001745000.00000004.00000020.00020000.00000000.sdmp, set_0.exe, 00000004.00000002.2707097483.0000000004A5D000.00000004.00000020.00020000.00000000.sdmp, set_0.exe, 00000004.00000003.2702282381.000000004960C000.00000004.00001000.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000B.00000003.2080708697.0000000003751000.00000004.00000020.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000B.00000003.2080708697.000000000347D000.00000004.00000020.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000B.00000003.2081307134.0000000003D70000.00000004.00001000.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000B.00000003.2081092653.0000000000670000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0O
Source: setup.exe, 00000002.00000003.1837511243.0000000002B76000.00000004.00000020.00020000.00000000.sdmp, set_0.exe, 00000004.00000003.2056557196.000000004974C000.00000004.00001000.00020000.00000000.sdmp, set_0.exe, 00000004.00000003.2452032863.00000000014D2000.00000004.00000020.00020000.00000000.sdmp, set_0.exe, 00000004.00000003.2701526132.00000000014D7000.00000004.00000020.00020000.00000000.sdmp, set_0.exe, 00000004.00000003.2052264887.00000000014DA000.00000004.00000020.00020000.00000000.sdmp, set_0.exe, 00000004.00000002.2705900056.0000000001745000.00000004.00000020.00020000.00000000.sdmp, set_0.exe, 00000004.00000003.1844695287.0000000003CE9000.00000004.00000020.00020000.00000000.sdmp, set_0.exe, 00000004.00000003.2701396477.00000000014D2000.00000004.00000020.00020000.00000000.sdmp, set_0.exe, 00000004.00000003.2056543329.000000004987C000.00000004.00001000.00020000.00000000.sdmp, set_0.exe, 00000004.00000003.2452224294.00000000014D7000.00000004.00000020.00020000.00000000.sdmp, set_0.exe, 00000004.00000002.2705176382.00000000014D8000.00000004.00000020.00020000.00000000.sdmp, set_0.exe, 00000004.00000002.2702734129.00000000006CB000.00000040.00000001.01000000.0000000C.sdmp, set_0.exe, 00000005.00000002.2711059391.00000000006CB000.00000040.00000001.01000000.0000000C.sdmp, set_0.exe, 00000006.00000002.1849878966.00000000005CB000.00000040.00000001.01000000.0000000F.sdmp, set_0.exe, 00000007.00000002.2677961973.00000000006CB000.00000040.00000001.01000000.0000000C.sdmp, set_0.exe, 00000008.00000002.2707253029.00000000006CB000.00000040.00000001.01000000.0000000C.sdmp, installer.exe, 0000000E.00000000.2434821592.00007FF6FB44F000.00000002.00000001.01000000.00000015.sdmp, installer.exe, 0000000E.00000003.2446149285.000002C973191000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 0000000E.00000003.2445314682.000002C9716FD000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 
0000000F.00000000.2439351435.00007FF6FB44F000.00000002.00000001.01000000.00000015.sdmp, launcher.exe, 00000023.00000003.2544538026.00000209207D3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0X
Source: explorer.exe, 00000012.00000000.2465864091.00000000078AD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000012.00000002.2914007528.00000000078AD000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.comhttp://crl3.digicert.com/DigiCertGlobalRootG2.crlhttp://crl4.digicert.com/Di
Source: quTbWcnSay.exe, 00000000.00000003.1620442786.00000000026C0000.00000004.00001000.00020000.00000000.sdmp, quTbWcnSay.exe, 00000000.00000002.2892680375.00000000023E4000.00000004.00001000.00020000.00000000.sdmp, quTbWcnSay.tmp, 00000001.00000002.2902781594.0000000000C33000.00000004.00001000.00020000.00000000.sdmp, quTbWcnSay.tmp, 00000001.00000002.2911795874.000000000377B000.00000004.00001000.00020000.00000000.sdmp, quTbWcnSay.tmp, 00000001.00000003.1626108273.0000000003490000.00000004.00001000.00020000.00000000.sdmp, quTbWcnSay.tmp, 00000001.00000002.2902781594.0000000000BEF000.00000004.00001000.00020000.00000000.sdmp, quTbWcnSay.tmp, 00000001.00000002.2911795874.000000000376A000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://riddlecarriage.website/lam.php?pe=n&p=3876&t=48352771&title=QWR2YW5jZWQgU3lzdGVtIFJlcGFpciBQc
Source: explorer.exe, 00000012.00000002.2924449128.0000000009B60000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000012.00000002.2918221341.0000000008720000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000012.00000000.2466567318.0000000007F40000.00000002.00000001.00040000.00000000.sdmpString found in binary or memory: http://schemas.micro
Source: setup.exe, 00000002.00000003.2796115138.0000000002B89000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000002.00000002.2908068672.0000000002B85000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000002.00000002.2895127853.00000000005DC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://sto.farmscene.website/track_inl2.php?tim=1707230103&poid=2577&p=1.25
Source: setup.exe, 00000002.00000002.2908068672.0000000002B50000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://sto.farmscene.website/track_inl2.php?tim=1707230103&poid=2577&p=1.25$M
Source: setup.exe, 00000002.00000002.2895127853.000000000057E000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000002.00000002.2889230780.0000000000409000.00000004.00000001.01000000.00000007.sdmpString found in binary or memory: http://sto.farmscene.website/track_inl2.php?tim=1707230103&poid=2577&p=1.25Inno
Source: setup.exe, 00000002.00000002.2895127853.000000000057E000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000002.00000002.2889230780.0000000000409000.00000004.00000001.01000000.00000007.sdmpString found in binary or memory: http://sto.farmscene.website/track_polos.php?tim=1707230103&rcc=US&c=2577&p=0.95
Source: setup.exe, 00000002.00000002.2895127853.000000000057E000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000002.00000002.2889230780.0000000000409000.00000004.00000001.01000000.00000007.sdmpString found in binary or memory: http://sto.farmscene.website/track_polos.php?tim=1707230103&rcc=US&c=2577&p=0.95http://eventquill.on
Source: quTbWcnSay.tmp, 00000001.00000002.2893887149.00000000007CB000.00000004.00000020.00020000.00000000.sdmp, quTbWcnSay.tmp, 00000001.00000003.1709163527.00000000007C8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://theoryconnection.website/
Source: quTbWcnSay.tmp, 00000001.00000003.1709163527.00000000007C8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://theoryconnection.website/D
Source: quTbWcnSay.tmp, 00000001.00000002.2893887149.00000000007CB000.00000004.00000020.00020000.00000000.sdmp, quTbWcnSay.tmp, 00000001.00000003.1709163527.00000000007C8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://theoryconnection.website/f
Source: quTbWcnSay.tmp, 00000001.00000002.2893887149.00000000007CB000.00000004.00000020.00020000.00000000.sdmp, quTbWcnSay.tmp, 00000001.00000003.1709163527.00000000007C8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://theoryconnection.website/l
Source: quTbWcnSay.exe, 00000000.00000003.1620442786.00000000026C0000.00000004.00001000.00020000.00000000.sdmp, quTbWcnSay.exe, 00000000.00000002.2892680375.00000000023E4000.00000004.00001000.00020000.00000000.sdmp, quTbWcnSay.tmp, 00000001.00000002.2902781594.0000000000C33000.00000004.00001000.00020000.00000000.sdmp, quTbWcnSay.tmp, 00000001.00000002.2911795874.000000000377B000.00000004.00001000.00020000.00000000.sdmp, quTbWcnSay.tmp, 00000001.00000003.1626108273.0000000003490000.00000004.00001000.00020000.00000000.sdmp, quTbWcnSay.tmp, 00000001.00000002.2902781594.0000000000BEF000.00000004.00001000.00020000.00000000.sdmp, quTbWcnSay.tmp, 00000001.00000002.2911795874.000000000376A000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://theoryconnection.website/lam.php?pe=n&p=3876&t=48352771&title=QWR2YW5jZWQgU3lzdGVtIFJlcGFpciB
Source: quTbWcnSay.exe, 00000000.00000003.1620442786.00000000026C0000.00000004.00001000.00020000.00000000.sdmp, quTbWcnSay.exe, 00000000.00000002.2892680375.00000000023E4000.00000004.00001000.00020000.00000000.sdmp, quTbWcnSay.tmp, 00000001.00000002.2902781594.0000000000C33000.00000004.00001000.00020000.00000000.sdmp, quTbWcnSay.tmp, 00000001.00000002.2911795874.000000000377B000.00000004.00001000.00020000.00000000.sdmp, quTbWcnSay.tmp, 00000001.00000003.1626108273.0000000003490000.00000004.00001000.00020000.00000000.sdmp, quTbWcnSay.tmp, 00000001.00000002.2902781594.0000000000BEF000.00000004.00001000.00020000.00000000.sdmp, quTbWcnSay.tmp, 00000001.00000002.2893887149.00000000007E3000.00000004.00000020.00020000.00000000.sdmp, quTbWcnSay.tmp, 00000001.00000002.2902781594.0000000000C6F000.00000004.00001000.00020000.00000000.sdmp, quTbWcnSay.tmp, 00000001.00000003.1709163527.00000000007D7000.00000004.00000020.00020000.00000000.sdmp, quTbWcnSay.tmp, 00000001.00000002.2911795874.000000000376A000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://theoryconnection.website/lamp.php
Source: quTbWcnSay.tmp, 00000001.00000002.2893887149.00000000007E3000.00000004.00000020.00020000.00000000.sdmp, quTbWcnSay.tmp, 00000001.00000003.1709163527.00000000007D7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://theoryconnection.website/lamp.php=
Source: quTbWcnSay.tmp, 00000001.00000002.2902781594.0000000000CFA000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://theoryconnection.website/lamp.phpMuZXhl
Source: assistant_installer.exe, 0000000D.00000002.2086747786.00000000053BB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://crashstats-collector.opera.com/collector/submit82o
Source: set_0.exe, 00000005.00000002.2726519353.0000000055CB0000.00000004.00001000.00020000.00000000.sdmp, set_0.exe, 00000008.00000002.2711295217.000000005F0B0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://crashstats-collector.opera.com/collector/submitC:
Source: Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000B.00000003.2080708697.0000000003310000.00000004.00000020.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000B.00000003.2080708697.000000000347D000.00000004.00000020.00020000.00000000.sdmp, assistant_installer.exe, 0000000C.00000000.2082501798.0000000000EC7000.00000002.00000001.01000000.00000014.sdmp, assistant_installer.exe, 0000000D.00000000.2083663959.0000000000EC7000.00000002.00000001.01000000.00000014.sdmpString found in binary or memory: https://crashstats-collector.opera.com/collector/submitOperaDesktopGX
Source: set_0.exe, 00000005.00000002.2723950946.0000000055C5C000.00000004.00001000.00020000.00000000.sdmp, set_0.exe, 00000005.00000002.2721076664.0000000055C24000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://crashstats-collector.opera.com/collector/submitU
Source: set_0.exe, 00000008.00000002.2710720209.000000005F054000.00000004.00001000.00020000.00000000.sdmp, set_0.exe, 00000008.00000002.2710384031.000000005F024000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://crashstats-collector.opera.com/collector/submit_
Source: assistant_installer.exe, 0000000D.00000002.2086747786.00000000053BB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://crashstats-collector.opera.com/collector/submits
Source: Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000B.00000003.2080708697.000000000347D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://curl.haxx.se/docs/http-cookies.html
Source: set_0.exe, 00000004.00000003.1890526974.0000000001500000.00000004.00000020.00020000.00000000.sdmp, set_0.exe, 00000004.00000003.1880671252.00000000014A4000.00000004.00000020.00020000.00000000.sdmp, set_0.exe, 00000004.00000003.2452224294.00000000014D7000.00000004.00000020.00020000.00000000.sdmp, set_0.exe, 00000004.00000003.1961703544.00000000014D2000.00000004.00000020.00020000.00000000.sdmp, set_0.exe, 00000004.00000002.2705176382.00000000014D2000.00000004.00000020.00020000.00000000.sdmp, set_0.exe, 00000004.00000002.2705176382.00000000014D8000.00000004.00000020.00020000.00000000.sdmp, set_0.exe, 00000004.00000003.1961786659.00000000014A2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://desktop-netinstaller-sub.osp.opera.software/
Source: set_0.exe, 00000004.00000003.1890526974.00000000014D2000.00000004.00000020.00020000.00000000.sdmp, set_0.exe, 00000004.00000003.1875320127.00000000014D2000.00000004.00000020.00020000.00000000.sdmp, set_0.exe, 00000004.00000003.1961703544.00000000014D2000.00000004.00000020.00020000.00000000.sdmp, set_0.exe, 00000004.00000003.1880671252.00000000014D2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://desktop-netinstaller-sub.osp.opera.software/:
Source: set_0.exe, 00000004.00000003.2701396477.00000000014D2000.00000004.00000020.00020000.00000000.sdmp, set_0.exe, 00000004.00000002.2705176382.00000000014D2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://desktop-netinstaller-sub.osp.opera.software/F
Source: set_0.exe, 00000004.00000003.2452032863.00000000014D2000.00000004.00000020.00020000.00000000.sdmp, set_0.exe, 00000004.00000003.2701526132.00000000014D7000.00000004.00000020.00020000.00000000.sdmp, set_0.exe, 00000004.00000003.2701396477.00000000014D2000.00000004.00000020.00020000.00000000.sdmp, set_0.exe, 00000004.00000003.2452224294.00000000014D7000.00000004.00000020.00020000.00000000.sdmp, set_0.exe, 00000004.00000002.2705176382.00000000014D8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://desktop-netinstaller-sub.osp.opera.software/J
Source: set_0.exe, 00000004.00000003.2701526132.00000000014D7000.00000004.00000020.00020000.00000000.sdmp, set_0.exe, 00000004.00000003.2701396477.00000000014D2000.00000004.00000020.00020000.00000000.sdmp, set_0.exe, 00000004.00000002.2705176382.00000000014D8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://desktop-netinstaller-sub.osp.opera.software/LocalLow
Source: set_0.exe, 00000004.00000003.2452224294.00000000014D7000.00000004.00000020.00020000.00000000.sdmp, set_0.exe, 00000004.00000002.2705176382.00000000014D8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://desktop-netinstaller-sub.osp.opera.software/SysWOW64
Source: set_0.exe, 00000004.00000003.2052264887.00000000014DA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://desktop-netinstaller-sub.osp.opera.software/W
Source: set_0.exe, 00000004.00000003.2452032863.00000000014D2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://desktop-netinstaller-sub.osp.opera.software/Y
Source: set_0.exe, 00000004.00000002.2704598316.0000000001486000.00000004.00000020.00020000.00000000.sdmp, set_0.exe, 00000004.00000003.1875444698.00000000014A2000.00000004.00000020.00020000.00000000.sdmp, set_0.exe, 00000004.00000003.1890721663.00000000014A3000.00000004.00000020.00020000.00000000.sdmp, set_0.exe, 00000004.00000003.1880671252.00000000014A4000.00000004.00000020.00020000.00000000.sdmp, set_0.exe, 00000004.00000003.1961786659.00000000014A2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://desktop-netinstaller-sub.osp.opera.software/o
Source: set_0.exe, 00000004.00000003.2452032863.00000000014D2000.00000004.00000020.00020000.00000000.sdmp, set_0.exe, 00000004.00000003.2452224294.00000000014D7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://desktop-netinstaller-sub.osp.opera.software/ppxSipVerifyIndirectData
Source: set_0.exe, 00000004.00000003.2701526132.00000000014D7000.00000004.00000020.00020000.00000000.sdmp, set_0.exe, 00000004.00000003.2701396477.00000000014D2000.00000004.00000020.00020000.00000000.sdmp, set_0.exe, 00000004.00000002.2705176382.00000000014D8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://desktop-netinstaller-sub.osp.opera.software/r-sub.osp.opera.software/
Source: set_0.exe, 00000004.00000003.2701526132.00000000014D7000.00000004.00000020.00020000.00000000.sdmp, set_0.exe, 00000004.00000003.2701396477.00000000014D2000.00000004.00000020.00020000.00000000.sdmp, set_0.exe, 00000004.00000002.2705176382.00000000014D8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://desktop-netinstaller-sub.osp.opera.software/r-sub.osp.opera.software/=
Source: set_0.exe, 00000004.00000003.2452032863.00000000014D2000.00000004.00000020.00020000.00000000.sdmp, set_0.exe, 00000004.00000003.2701526132.00000000014D7000.00000004.00000020.00020000.00000000.sdmp, set_0.exe, 00000004.00000003.2701396477.00000000014D2000.00000004.00000020.00020000.00000000.sdmp, set_0.exe, 00000004.00000003.2452224294.00000000014D7000.00000004.00000020.00020000.00000000.sdmp, set_0.exe, 00000004.00000002.2705176382.00000000014D8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://desktop-netinstaller-sub.osp.opera.software/r-sub.osp.opera.software/J
Source: set_0.exe, 00000004.00000003.2701526132.00000000014D7000.00000004.00000020.00020000.00000000.sdmp, set_0.exe, 00000004.00000003.2701396477.00000000014D2000.00000004.00000020.00020000.00000000.sdmp, set_0.exe, 00000004.00000002.2705176382.00000000014D8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://desktop-netinstaller-sub.osp.opera.software/r-sub.osp.opera.software/ppxSipVerifyIndirectDat
Source: set_0.exe, 00000004.00000003.2701526132.00000000014D7000.00000004.00000020.00020000.00000000.sdmp, set_0.exe, 00000004.00000003.2701396477.00000000014D2000.00000004.00000020.00020000.00000000.sdmp, set_0.exe, 00000004.00000002.2705176382.00000000014D8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://desktop-netinstaller-sub.osp.opera.software/sdSipGetCapsera_GX_106.0.4998.74DlloupdaFuncName
Source: set_0.exe, 00000004.00000003.2701526132.00000000014D7000.00000004.00000020.00020000.00000000.sdmp, set_0.exe, 00000004.00000003.2701396477.00000000014D2000.00000004.00000020.00020000.00000000.sdmp, set_0.exe, 00000004.00000002.2705176382.00000000014D8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://desktop-netinstaller-sub.osp.opera.software/sdSipVerifyHash
Source: set_0.exe, 00000004.00000003.2701526132.00000000014D7000.00000004.00000020.00020000.00000000.sdmp, set_0.exe, 00000004.00000003.2701396477.00000000014D2000.00000004.00000020.00020000.00000000.sdmp, set_0.exe, 00000004.00000002.2705176382.00000000014D8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://desktop-netinstaller-sub.osp.opera.software/siSIPGetSignedDataMsg
Source: set_0.exe, 00000004.00000003.2452032863.00000000014D2000.00000004.00000020.00020000.00000000.sdmp, set_0.exe, 00000004.00000003.2701526132.00000000014D7000.00000004.00000020.00020000.00000000.sdmp, set_0.exe, 00000004.00000003.2052264887.00000000014DA000.00000004.00000020.00020000.00000000.sdmp, set_0.exe, 00000004.00000003.2701396477.00000000014D2000.00000004.00000020.00020000.00000000.sdmp, set_0.exe, 00000004.00000003.2452224294.00000000014D7000.00000004.00000020.00020000.00000000.sdmp, set_0.exe, 00000004.00000002.2705176382.00000000014D8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://desktop-netinstaller-sub.osp.opera.software/siSIPVerifyIndirectDataDllFuncName
Source: set_0.exe, 00000004.00000003.2701526132.00000000014D7000.00000004.00000020.00020000.00000000.sdmp, set_0.exe, 00000004.00000003.2701396477.00000000014D2000.00000004.00000020.00020000.00000000.sdmp, set_0.exe, 00000004.00000002.2705176382.00000000014D8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://desktop-netinstaller-sub.osp.opera.software/v
Source: set_0.exe, 00000004.00000002.2707097483.0000000004A5D000.00000004.00000020.00020000.00000000.sdmp, set_0.exe, 00000004.00000003.1890610754.00000000014DB000.00000004.00000020.00020000.00000000.sdmp, set_0.exe, 00000004.00000003.1880671252.00000000014A4000.00000004.00000020.00020000.00000000.sdmp, set_0.exe, 00000004.00000003.2452224294.00000000014D7000.00000004.00000020.00020000.00000000.sdmp, set_0.exe, 00000004.00000002.2705176382.00000000014D8000.00000004.00000020.00020000.00000000.sdmp, set_0.exe, 00000004.00000003.1961786659.00000000014A2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://desktop-netinstaller-sub.osp.opera.software/v1/binary
Source: set_0.exe, 00000004.00000003.2038822175.000000000149B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://desktop-netinstaller-sub.osp.opera.software/v1/binary(
Source: set_0.exe, 00000004.00000002.2707097483.0000000004A5D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://desktop-netinstaller-sub.osp.opera.software/v1/binary)
Source: set_0.exe, 00000004.00000002.2704598316.0000000001420000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://desktop-netinstaller-sub.osp.opera.software/v1/binary)y
Source: set_0.exe, 00000004.00000002.2704598316.0000000001486000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://desktop-netinstaller-sub.osp.opera.software/v1/binary9
Source: set_0.exe, 00000004.00000002.2704598316.0000000001420000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://desktop-netinstaller-sub.osp.opera.software/v1/binaryE
Source: set_0.exe, 00000004.00000003.2452032863.00000000014D2000.00000004.00000020.00020000.00000000.sdmp, set_0.exe, 00000004.00000003.2452224294.00000000014D7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://desktop-netinstaller-sub.osp.opera.software/v1/binaryGs
Source: set_0.exe, 00000004.00000002.2704598316.0000000001420000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://desktop-netinstaller-sub.osp.opera.software/v1/binaryT
Source: set_0.exe, 00000004.00000002.2707097483.0000000004A5D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://desktop-netinstaller-sub.osp.opera.software/v1/binaryera.software
Source: set_0.exe, 00000004.00000003.2038822175.000000000149B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://desktop-netinstaller-sub.osp.opera.software/v1/binaryo
Source: quTbWcnSay.tmp, 00000001.00000003.1626108273.0000000003490000.00000004.00001000.00020000.00000000.sdmp, quTbWcnSay.tmp, 00000001.00000002.2902781594.0000000000C60000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://destructionheat.site/tracker/thank_you.php?trk=2577
Source: setup.exe, 00000002.00000002.2895127853.000000000057E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://doc-hosting.flycricket.io/health-tracker-privacy-policy/e1662a21-b082-4dae-bcb0-3abd33859f1c
Source: set_0.exe, 00000004.00000003.2452032863.00000000014D2000.00000004.00000020.00020000.00000000.sdmp, set_0.exe, 00000004.00000003.2701526132.00000000014D7000.00000004.00000020.00020000.00000000.sdmp, set_0.exe, 00000004.00000003.1875389522.00000000014F9000.00000004.00000020.00020000.00000000.sdmp, set_0.exe, 00000004.00000003.1890526974.00000000014F9000.00000004.00000020.00020000.00000000.sdmp, set_0.exe, 00000004.00000003.2052264887.00000000014DA000.00000004.00000020.00020000.00000000.sdmp, set_0.exe, 00000004.00000003.1875320127.0000000001500000.00000004.00000020.00020000.00000000.sdmp, set_0.exe, 00000004.00000003.1890610754.0000000001500000.00000004.00000020.00020000.00000000.sdmp, set_0.exe, 00000004.00000002.2704598316.0000000001420000.00000004.00000020.00020000.00000000.sdmp, set_0.exe, 00000004.00000003.2701396477.00000000014D2000.00000004.00000020.00020000.00000000.sdmp, set_0.exe, 00000004.00000003.1875320127.00000000014D2000.00000004.00000020.00020000.00000000.sdmp, set_0.exe, 00000004.00000003.1890526974.0000000001500000.00000004.00000020.00020000.00000000.sdmp, set_0.exe, 00000004.00000003.2452224294.00000000014D7000.00000004.00000020.00020000.00000000.sdmp, set_0.exe, 00000004.00000002.2705176382.00000000014D8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://download.opera.com/
Source: set_0.exe, 00000004.00000003.2452032863.00000000014D2000.00000004.00000020.00020000.00000000.sdmp, set_0.exe, 00000004.00000003.2701526132.00000000014D7000.00000004.00000020.00020000.00000000.sdmp, set_0.exe, 00000004.00000003.2702223033.000000004962A000.00000004.00001000.00020000.00000000.sdmp, set_0.exe, 00000004.00000003.2701396477.00000000014D2000.00000004.00000020.00020000.00000000.sdmp, set_0.exe, 00000004.00000003.1875320127.00000000014CB000.00000004.00000020.00020000.00000000.sdmp, set_0.exe, 00000004.00000003.2452224294.00000000014D7000.00000004.00000020.00020000.00000000.sdmp, set_0.exe, 00000004.00000002.2705176382.00000000014D8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://download.opera.com/download/get/?id=52318&autoupdate=1&ni=1
Source: set_0.exe, 00000004.00000003.2452032863.00000000014D2000.00000004.00000020.00020000.00000000.sdmp, set_0.exe, 00000004.00000003.2701526132.00000000014D7000.00000004.00000020.00020000.00000000.sdmp, set_0.exe, 00000004.00000003.2701396477.00000000014D2000.00000004.00000020.00020000.00000000.sdmp, set_0.exe, 00000004.00000003.2452224294.00000000014D7000.00000004.00000020.00020000.00000000.sdmp, set_0.exe, 00000004.00000002.2705176382.00000000014D8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://download.opera.com/download/get/?id=52318&autoupdate=1&ni=1c
Source: set_0.exe, 00000004.00000003.1880671252.00000000014AE000.00000004.00000020.00020000.00000000.sdmp, set_0.exe, 00000004.00000003.1961786659.00000000014A2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://download.opera.com/download/get/?id=64832&autoupdate=1&ni=1&stream=stable&utm_campaign=PWN_R
Source: set_0.exe, set_0.exe, 00000008.00000002.2707253029.00000000006CB000.00000040.00000001.01000000.0000000C.sdmp, installer.exe, 0000000E.00000002.2671425164.00007FF6FAFA7000.00000002.00000001.01000000.00000015.sdmp, installer.exe, 0000000F.00000002.2704055669.00007FF6FAFA7000.00000002.00000001.01000000.00000015.sdmp, installer.exe, 00000028.00000000.2549062400.00007FF7F24D7000.00000002.00000001.01000000.0000001B.sdmpString found in binary or memory: https://download.opera.com/download/get/?partner=www&opsys=Windows&utm_source=netinstaller
Source: set_0.exe, 00000004.00000003.1875320127.00000000014D2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://download.opera.com/l
Source: set_0.exe, 00000004.00000003.1875320127.0000000001500000.00000004.00000020.00020000.00000000.sdmp, set_0.exe, 00000004.00000003.1890610754.0000000001500000.00000004.00000020.00020000.00000000.sdmp, set_0.exe, 00000004.00000003.1890526974.0000000001500000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://download.opera.com/uid=fe2d2b1e-b1fb-460b-b93f-cacd7e2a9ee8&product=gx&channel=Stable&versio
Source: set_0.exe, 00000004.00000003.1890526974.0000000001500000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://download3.operacdn.com/
Source: set_0.exe, 00000004.00000003.1890610754.0000000001500000.00000004.00000020.00020000.00000000.sdmp, set_0.exe, 00000004.00000003.1890526974.0000000001500000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://download3.operacdn.com/D
Source: set_0.exe, 00000004.00000002.2707097483.0000000004A38000.00000004.00000020.00020000.00000000.sdmp, set_0.exe, 00000004.00000002.2704598316.00000000014C8000.00000004.00000020.00020000.00000000.sdmp, set_0.exe, 00000004.00000003.2451230485.0000000004AE4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://download3.operacdn.com/ftp/pub/.assistant_gx/73.0.3856.382/Opera_GX_assistant_73.0.3856.382_
Source: set_0.exe, 00000004.00000003.1890721663.00000000014C4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://download3.operacdn.com/ftp/pub/opera_gx/106.0.4998.74/win/Opera_GX_106.0.4998.74_Autoupdate_
Source: set_0.exe, 00000004.00000002.2707097483.0000000004A5D000.00000004.00000020.00020000.00000000.sdmp, set_0.exe, 00000004.00000002.2707097483.0000000004A6F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://download3.operacdn.com/res/servicefiles/partner_content/std-1/1698947853-custom_partner_cont
Source: installer.exe, 0000000E.00000003.2507259487.000073F800804000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/?q=
Source: installer.exe, 0000000E.00000003.2507259487.000073F800804000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/favicon.ico
Source: setup.exe, 00000002.00000002.2895127853.00000000005DC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://eventquill.online/
Source: setup.exe, 00000002.00000002.2895127853.000000000057E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://eventquill.online/da.php?a=3876&cc=US&t=1707230103
Source: setup.exe, 00000002.00000002.2895127853.000000000057E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://eventquill.online/da.php?a=3876&cc=US&t=1707230103InnoDownloadPlugin/1.5/USERAGENT/silentget
Source: setup.exe, 00000002.00000002.2895127853.000000000057E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://eventquill.online/da.php?a=3876&cc=US&t=1707230103L
Source: explorer.exe, 00000012.00000002.2930674856.000000000C5AA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000012.00000000.2469716689.000000000C5AA000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://excel.office.com
Source: installer.exe, 0000000E.00000003.2507259487.000073F800804000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://extension-updates.opera.com/api/omaha/update/
Source: set_0.exe, 00000004.00000003.2452032863.00000000014D2000.00000004.00000020.00020000.00000000.sdmp, set_0.exe, 00000004.00000003.1866784694.0000000001500000.00000004.00000020.00020000.00000000.sdmp, set_0.exe, 00000004.00000003.2701526132.00000000014D7000.00000004.00000020.00020000.00000000.sdmp, set_0.exe, 00000004.00000003.2052264887.00000000014DA000.00000004.00000020.00020000.00000000.sdmp, set_0.exe, 00000004.00000003.1875320127.0000000001500000.00000004.00000020.00020000.00000000.sdmp, set_0.exe, 00000004.00000003.1890610754.0000000001500000.00000004.00000020.00020000.00000000.sdmp, set_0.exe, 00000004.00000003.2701396477.00000000014D2000.00000004.00000020.00020000.00000000.sdmp, set_0.exe, 00000004.00000003.1890526974.0000000001500000.00000004.00000020.00020000.00000000.sdmp, set_0.exe, 00000004.00000003.2452224294.00000000014D7000.00000004.00000020.00020000.00000000.sdmp, set_0.exe, 00000004.00000002.2705176382.00000000014D8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://features.opera-api2.com/
Source: installer.exe, 00000028.00000000.2549062400.00007FF7F24D7000.00000002.00000001.01000000.0000001B.sdmpString found in binary or memory: https://features.opera-api2.com/api/v2/features?country=%s&language=%s&uuid=%s&product=%s&channel=%s
Source: set_0.exe, 00000004.00000003.1866784694.00000000014DB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://features.opera-api2.com/api/v2/features?country=US&language=en-GB&uuid=fe2d2b1e-b1fb-460b-b9
Source: installer.exe, 0000000E.00000003.2507259487.000073F800804000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://ff.search.yahoo.com/gossip?output=fxjson&command=
Source: installer.exe, 0000000E.00000003.2507259487.000073F800804000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://gaana.com/
Source: set_0.exe, set_0.exe, 00000008.00000002.2707253029.00000000006A9000.00000040.00000001.01000000.0000000C.sdmp, installer.exe, 0000000E.00000002.2671425164.00007FF6FAFA7000.00000002.00000001.01000000.00000015.sdmp, installer.exe, 0000000F.00000002.2704055669.00007FF6FAFA7000.00000002.00000001.01000000.00000015.sdmp, installer.exe, 00000028.00000000.2549062400.00007FF7F24D7000.00000002.00000001.01000000.0000001B.sdmpString found in binary or memory: https://help.instagram.com/581066165581870;
Source: launcher.exe, 00000026.00000002.2609155254.0000033800284000.00000004.00001000.00020000.00000000.sdmp, installer.exe, 00000028.00000000.2549062400.00007FF7F24D7000.00000002.00000001.01000000.0000001B.sdmpString found in binary or memory: https://help.opera.com/latest/
Source: explorer.exe, 00000012.00000000.2465864091.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000012.00000002.2914007528.0000000007900000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AA15Yat4.img
Source: explorer.exe, 00000012.00000000.2465864091.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000012.00000002.2914007528.0000000007900000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AA1hlXIY.img
Source: explorer.exe, 00000012.00000000.2465864091.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000012.00000002.2914007528.0000000007900000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AAKSoFp.img
Source: explorer.exe, 00000012.00000000.2465864091.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000012.00000002.2914007528.0000000007900000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AAXaopi.img
Source: explorer.exe, 00000012.00000000.2465864091.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000012.00000002.2914007528.0000000007900000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AAgi0nZ.img
Source: explorer.exe, 00000012.00000000.2465864091.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000012.00000002.2914007528.0000000007900000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/BBqlLky.img
Source: explorer.exe, 00000012.00000000.2465864091.00000000078AD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000012.00000002.2914007528.00000000078AD000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://img.s-msn.com/tenant/amp/entityid/AAbC0oi.img
Source: quTbWcnSay.exe, 00000000.00000000.1619848878.0000000000401000.00000020.00000001.01000000.00000003.sdmpString found in binary or memory: https://jrsoftware.org/ishelp/index.php?topic=setupcmdlineSetupU
Source: set_0.exe, set_0.exe, 00000008.00000002.2707253029.00000000006A9000.00000040.00000001.01000000.0000000C.sdmp, installer.exe, 0000000E.00000002.2671425164.00007FF6FAFA7000.00000002.00000001.01000000.00000015.sdmp, installer.exe, 0000000F.00000002.2704055669.00007FF6FAFA7000.00000002.00000001.01000000.00000015.sdmp, installer.exe, 00000028.00000000.2549062400.00007FF7F24D7000.00000002.00000001.01000000.0000001B.sdmpString found in binary or memory: https://legal.opera.com/eula/computers
Source: setup.exe, 00000002.00000002.2895127853.000000000057E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://legal.opera.com/eula/computers/
Source: installer.exe, 00000028.00000000.2549062400.00007FF7F24D7000.00000002.00000001.01000000.0000001B.sdmpString found in binary or memory: https://legal.opera.com/privacy
Source: set_0.exe, set_0.exe, 00000008.00000002.2707253029.00000000006A9000.00000040.00000001.01000000.0000000C.sdmp, installer.exe, 0000000E.00000002.2671425164.00007FF6FAFA7000.00000002.00000001.01000000.00000015.sdmp, installer.exe, 0000000F.00000002.2704055669.00007FF6FAFA7000.00000002.00000001.01000000.00000015.sdmp, installer.exe, 00000028.00000000.2549062400.00007FF7F24D7000.00000002.00000001.01000000.0000001B.sdmpString found in binary or memory: https://legal.opera.com/privacy.
Source: setup.exe, 00000002.00000002.2895127853.000000000057E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://legal.opera.com/privacy/
Source: installer.exe, 0000000E.00000003.2507259487.000073F800804000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.so.com/s?src=lm&ls=sm2561755&lm_extend=ctype:31&q=
Source: setup.exe, 00000002.00000002.2895127853.000000000057E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.termsfeed.com/live/4bb495ca-d123-4f4d-a727-e9c4d0f3fabe
Source: set_0.exe, 00000004.00000002.2702734129.00000000006A9000.00000040.00000001.01000000.0000000C.sdmp, set_0.exe, 00000005.00000002.2711059391.00000000006A9000.00000040.00000001.01000000.0000000C.sdmp, set_0.exe, 00000006.00000002.1849878966.00000000005A9000.00000040.00000001.01000000.0000000F.sdmp, set_0.exe, 00000007.00000002.2677961973.00000000006A9000.00000040.00000001.01000000.0000000C.sdmp, set_0.exe, 00000008.00000002.2707253029.00000000006A9000.00000040.00000001.01000000.0000000C.sdmp, installer.exe, 0000000E.00000002.2671425164.00007FF6FAFA7000.00000002.00000001.01000000.00000015.sdmp, installer.exe, 0000000F.00000002.2704055669.00007FF6FAFA7000.00000002.00000001.01000000.00000015.sdmp, installer.exe, 00000028.00000000.2549062400.00007FF7F24D7000.00000002.00000001.01000000.0000001B.sdmpString found in binary or memory: https://www.whatsapp.com/legal;
Source: quTbWcnSay.exe, 00000000.00000003.1620442786.00000000026C0000.00000004.00001000.00020000.00000000.sdmp, quTbWcnSay.tmp, 00000001.00000003.1626108273.0000000003490000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.win-rar.com.https://www.win-rar.com.https://www.win-rar.com
Source: quTbWcnSay.tmp, 00000001.00000002.2902781594.0000000000CF3000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.win-rar.com03
Source: quTbWcnSay.exe, 00000000.00000002.2892680375.0000000002453000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.win-rar.com03E
Source: installer.exe, 0000000E.00000003.2507259487.000073F800804000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.yahoo.co.jp/favicon.ico
Source: setup.exe, 00000002.00000002.2895127853.000000000057E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://y-cleaner.com/eula.php
Source: installer.exe, 0000000E.00000003.2507259487.000073F800804000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://yandex.com.tr/search/?clid=1669559&text=
Source: installer.exe, 0000000E.00000003.2507259487.000073F800804000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://yandex.fr/search/?clid=2358536&text=
Source: installer.exe, 0000000E.00000003.2507259487.000073F800804000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://yandex.ua/search/?clid=2358536&text=
Source: installer.exe, 0000000E.00000003.2507259487.000073F800804000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://yastatic.net/s3/home-static/_/92/929b10d17990e806734f68758ec917ec.png
Source: installer.exe, 0000000E.00000003.2507259487.000073F800804000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://yastatic.net/s3/home-static/_/f4/f47b1b3d8194c36ce660324ab55a04fe.png

Key, Mouse, Clipboard, Microphone and Screen Capturing

Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202402061535141\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe | Code function: 11_2_00408643 SetWindowsHookExW 00000002,Function_00008615,00000000,00000000 11_2_00408643
Source: C:\Users\user\AppData\Local\Programs\Opera GX\106.0.4998.74\installer.exe | Windows user hook set: Path: unknown Event Start: focus Event End: focus Module: NULL
Source: C:\Users\user\AppData\Local\Temp\is-9A6TD.tmp\setup.exe | Code function: 2_2_00404EE8 GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,ShowWindow,ShowWindow,GetDlgItem,SendMessageA,SendMessageA,SendMessageA,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageA,CreatePopupMenu,AppendMenuA,GetWindowRect,TrackPopupMenu,SendMessageA,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageA,GlobalUnlock,SetClipboardData,CloseClipboard, 2_2_00404EE8
Source: C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exe | File created: C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F2E248BEDDBB2D85122423C41028BFD4
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202402061535141\assistant\assistant_installer.exe | Code function: 12_2_00D82770: CreateFileW,DeviceIoControl,GetLastError, 12_2_00D82770
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202402061535141\assistant\assistant_installer.exe | Code function: 12_2_00DC4EE0 SetHandleInformation,SetHandleInformation,CreateEnvironmentBlock,CreateProcessAsUserW,DestroyEnvironmentBlock,GetEnvironmentStringsW,FreeEnvironmentStringsW,CreateProcessW,AssignProcessToJobObject,AllowSetForegroundWindow,WaitForSingleObject, 12_2_00DC4EE0
Source: C:\Users\user\AppData\Local\Temp\is-9A6TD.tmp\setup.exe | Code function: 2_2_004030FA EntryPoint,#17,SetErrorMode,OleInitialize,SHGetFileInfoA,GetCommandLineA,GetModuleHandleA,CharNextA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,DeleteFileA,OleUninitialize,ExitProcess,lstrcatA,lstrcmpiA,CreateDirectoryA,SetCurrentDirectoryA,DeleteFileA,CopyFileA,CloseHandle,GetCurrentProcess,ExitWindowsEx,ExitProcess, 2_2_004030FA
Source: C:\Users\user\AppData\Local\Temp\is-G41TD.tmp\quTbWcnSay.tmp | File created: C:\Windows\unins000.dat
Source: Joe Sandbox View | Dropped File: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\Opera_GX_assistant_73.0.3856.382_Setup[1].exe E950F17F4181009EEAFA9F5306E8A9DFD26D88CA63B1838F44FF0EFC738E7D1F
Source: Joe Sandbox View | Dropped File: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\installer[1].exe DA1B144B5F908CB7E811489DFE660E06AA6DF9C9158C6972EC9C79C48AFACB7E
Source: quTbWcnSay.tmp.0.dr | Static PE information: Resource name: RT_RCDATA type: PE32+ executable (console) x86-64, for MS Windows
Source: is-0PI61.tmp.1.dr | Static PE information: Resource name: RT_RCDATA type: PE32+ executable (console) x86-64, for MS Windows
Source: installer.exe.7.dr | Static PE information: Resource name: RT_RCDATA type: PE32+ executable (DLL) (console) x86-64, for MS Windows
Source: installer_helper_64.exe.7.dr | Static PE information: Number of sections : 11 > 10
Source: dxcompiler.dll.7.dr | Static PE information: Number of sections : 11 > 10
Source: opera_gx_splash.exe.7.dr | Static PE information: Number of sections : 11 > 10
Source: vk_swiftshader.dll.7.dr | Static PE information: Number of sections : 11 > 10
Source: launcher.exe.7.dr | Static PE information: Number of sections : 13 > 10
Source: opera_crashreporter.exe.7.dr | Static PE information: Number of sections : 13 > 10
Source: libEGL.dll.7.dr | Static PE information: Number of sections : 11 > 10
Source: installer.exe.7.dr | Static PE information: Number of sections : 11 > 10
Source: mojo_core.dll.7.dr | Static PE information: Number of sections : 11 > 10
Source: vulkan-1.dll.7.dr | Static PE information: Number of sections : 11 > 10
Source: opera_elf.dll.7.dr | Static PE information: Number of sections : 11 > 10
Source: opera_autoupdate.exe.7.dr | Static PE information: Number of sections : 14 > 10
Source: opera.exe.7.dr | Static PE information: Number of sections : 11 > 10
Source: libGLESv2.dll.7.dr | Static PE information: Number of sections : 11 > 10
Source: win10_share_handler.dll.7.dr | Static PE information: Number of sections : 11 > 10
Source: opera_browser.dll.7.dr | Static PE information: Number of sections : 15 > 10
Source: notification_helper.exe.7.dr | Static PE information: Number of sections : 12 > 10
Source: quTbWcnSay.exe, 00000000.00000003.1621844323.000000007FE35000.00000004.00001000.00020000.00000000.sdmp | Binary or memory string: OriginalFileName vs quTbWcnSay.exe
Source: quTbWcnSay.exe, 00000000.00000003.1621445927.00000000027B8000.00000004.00001000.00020000.00000000.sdmp | Binary or memory string: OriginalFileName vs quTbWcnSay.exe
Source: quTbWcnSay.exe, 00000000.00000000.1620044581.00000000004C6000.00000002.00000001.01000000.00000003.sdmp | Binary or memory string: OriginalFileName vs quTbWcnSay.exe
Source: quTbWcnSay.exe, 00000000.00000002.2892680375.0000000002418000.00000004.00001000.00020000.00000000.sdmp | Binary or memory string: OriginalFilenamekernel32j% vs quTbWcnSay.exe
Source: C:\Users\user\AppData\Local\Temp\is-9A6TD.tmp\setup.exeSection loaded: dnsapi.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-9A6TD.tmp\setup.exeSection loaded: rasadhlp.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-9A6TD.tmp\setup.exeSection loaded: fwpuclnt.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-9A6TD.tmp\setup.exeSection loaded: schannel.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-9A6TD.tmp\setup.exeSection loaded: mskeyprotect.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-9A6TD.tmp\setup.exeSection loaded: ntasn1.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-9A6TD.tmp\setup.exeSection loaded: msasn1.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-9A6TD.tmp\setup.exeSection loaded: dpapi.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-9A6TD.tmp\setup.exeSection loaded: cryptsp.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-9A6TD.tmp\setup.exeSection loaded: rsaenh.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-9A6TD.tmp\setup.exeSection loaded: cryptbase.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-9A6TD.tmp\setup.exeSection loaded: gpapi.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-9A6TD.tmp\setup.exeSection loaded: ncrypt.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-9A6TD.tmp\setup.exeSection loaded: ncryptsslp.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202402061535141\assistant\assistant_installer.exeSection loaded: iertutil.dll
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202402061535141\assistant\assistant_installer.exeSection loaded: srvcli.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\106.0.4998.74\installer.exeSection loaded: version.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\106.0.4998.74\installer.exeSection loaded: msimg32.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\106.0.4998.74\installer.exeSection loaded: secur32.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\106.0.4998.74\installer.exeSection loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\106.0.4998.74\installer.exeSection loaded: dbghelp.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\106.0.4998.74\installer.exeSection loaded: wininet.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\106.0.4998.74\installer.exeSection loaded: propsys.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\106.0.4998.74\installer.exeSection loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\106.0.4998.74\installer.exeSection loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\106.0.4998.74\installer.exeSection loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\106.0.4998.74\installer.exeSection loaded: dbgcore.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\106.0.4998.74\installer.exeSection loaded: msasn1.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\106.0.4998.74\installer.exeSection loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\106.0.4998.74\installer.exeSection loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\106.0.4998.74\installer.exeSection loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\106.0.4998.74\installer.exeSection loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\106.0.4998.74\installer.exeSection loaded: ntmarta.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\106.0.4998.74\installer.exeSection loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\106.0.4998.74\installer.exeSection loaded: linkinfo.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\106.0.4998.74\installer.exeSection loaded: ntshrui.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\106.0.4998.74\installer.exeSection loaded: srvcli.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\106.0.4998.74\installer.exeSection loaded: cscapi.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\106.0.4998.74\installer.exeSection loaded: appresolver.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\106.0.4998.74\installer.exeSection loaded: bcp47langs.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\106.0.4998.74\installer.exeSection loaded: slc.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\106.0.4998.74\installer.exeSection loaded: sppc.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\106.0.4998.74\installer.exeSection loaded: windows.staterepositoryps.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\106.0.4998.74\installer.exeSection loaded: windows.fileexplorer.common.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\106.0.4998.74\installer.exeSection loaded: iertutil.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\106.0.4998.74\installer.exeSection loaded: uiautomationcore.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\106.0.4998.74\installer.exeSection loaded: oleacc.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\106.0.4998.74\installer.exeSection loaded: coremessaging.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\106.0.4998.74\installer.exeSection loaded: coreuicomponents.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\106.0.4998.74\installer.exeSection loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\106.0.4998.74\installer.exeSection loaded: uiamanager.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\106.0.4998.74\installer.exeSection loaded: sxs.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\106.0.4998.74\installer.exeSection loaded: dwmapi.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\106.0.4998.74\installer.exeSection loaded: onecorecommonproxystub.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\106.0.4998.74\installer.exeSection loaded: actxprxy.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\106.0.4998.74\installer.exeSection loaded: twinapi.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\106.0.4998.74\installer.exeSection loaded: twinapi.appcore.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\106.0.4998.74\installer.exeSection loaded: taskschd.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\106.0.4998.74\installer.exeSection loaded: xmllite.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\106.0.4998.74\installer.exeSection loaded: firewallapi.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\106.0.4998.74\installer.exeSection loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\106.0.4998.74\installer.exeSection loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\106.0.4998.74\installer.exeSection loaded: fwbase.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\106.0.4998.74\installer.exeSection loaded: fwpolicyiomgr.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\106.0.4998.74\installer.exeSection loaded: netutils.dll
Source: C:\Windows\explorer.exeSection loaded: vcruntime140_1.dll
Source: C:\Windows\explorer.exeSection loaded: vcruntime140.dll
Source: C:\Windows\explorer.exeSection loaded: msvcp140.dll
Source: C:\Windows\explorer.exeSection loaded: twext.dll
Source: C:\Windows\explorer.exeSection loaded: zipfldr.dll
Source: C:\Windows\explorer.exeSection loaded: sendmail.dll
Source: C:\Windows\explorer.exeSection loaded: acppage.dll
Source: C:\Windows\explorer.exeSection loaded: sfc.dll
Source: C:\Windows\explorer.exeSection loaded: msi.dll
Source: C:\Windows\explorer.exeSection loaded: mydocs.dll
Source: C:\Windows\explorer.exeSection loaded: drprov.dll
Source: C:\Windows\explorer.exeSection loaded: ntlanman.dll
Source: C:\Windows\explorer.exeSection loaded: davclnt.dll
Source: C:\Windows\explorer.exeSection loaded: davhlpr.dll
Source: C:\Windows\explorer.exeSection loaded: playtodevice.dll
Source: C:\Windows\explorer.exeSection loaded: ehstorapi.dll
Source: C:\Program Files (x86)\UxybGYXaoQEUBfehUKyZMhhAIotVFAaIZmPWNYOBmpJQgyK\jyKJvjQuuEeSXFxWJ.exeSection loaded: uiautomationcore.dll
Source: C:\Program Files (x86)\UxybGYXaoQEUBfehUKyZMhhAIotVFAaIZmPWNYOBmpJQgyK\jyKJvjQuuEeSXFxWJ.exeSection loaded: propsys.dll
Source: C:\Program Files (x86)\UxybGYXaoQEUBfehUKyZMhhAIotVFAaIZmPWNYOBmpJQgyK\jyKJvjQuuEeSXFxWJ.exeSection loaded: cryptbase.dll
Source: C:\Program Files (x86)\UxybGYXaoQEUBfehUKyZMhhAIotVFAaIZmPWNYOBmpJQgyK\jyKJvjQuuEeSXFxWJ.exeSection loaded: oleacc.dll
Source: quTbWcnSay.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
Source: classification engineClassification label: mal42.spyw.winEXE@35/254@0/15
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202402061535141\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exeCode function: 11_2_00408DD2 wvsprintfW,GetLastError,FormatMessageW,FormatMessageW,FormatMessageW,lstrlenW,lstrlenW,lstrlenW,??2@YAPAXI@Z,lstrcpyW,lstrcpyW,lstrcpyW,??3@YAXPAX@Z,LocalFree,11_2_00408DD2
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202402061535141\assistant\assistant_installer.exeCode function: 12_2_00D8051B GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,12_2_00D8051B
Source: C:\Users\user\AppData\Local\Temp\is-9A6TD.tmp\setup.exeCode function: 2_2_004041FC GetDlgItem,SetWindowTextA,SHBrowseForFolderA,CoTaskMemFree,lstrcmpiA,lstrcatA,SetDlgItemTextA,GetDiskFreeSpaceA,MulDiv,SetDlgItemTextA,2_2_004041FC
Source: C:\Users\user\AppData\Local\Temp\is-9A6TD.tmp\setup.exeCode function: 2_2_00402020 CoCreateInstance,MultiByteToWideChar,2_2_00402020
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202402061535141\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exeCode function: 11_2_00401DF5 GetModuleHandleW,FindResourceExA,FindResourceExA,FindResourceExA,SizeofResource,LoadResource,LockResource,LoadLibraryA,LoadLibraryA,GetProcAddress,GetProcAddress,wsprintfW,LoadLibraryA,GetProcAddress,11_2_00401DF5
Source: C:\Users\user\AppData\Local\Temp\is-G41TD.tmp\quTbWcnSay.tmpFile created: C:\Users\user\AppData\Local\Programs
Source: C:\Users\user\AppData\Local\Programs\Opera GX\launcher.exeMutant created: \Sessions\1\BaseNamedObjects\opera_splash_lock_0e78e69c624cbcf87c7f299659eb65c0
Source: C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exeMutant created: \Sessions\1\BaseNamedObjects\Global\Opera/Installer/C:/Users/user/AppData/Local/Programs/Opera GX
Source: C:\Users\user\Desktop\quTbWcnSay.exeFile created: C:\Users\user\AppData\Local\Temp\is-G41TD.tmp
Source: C:\Users\user\Desktop\quTbWcnSay.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
Source: C:\Users\user\AppData\Local\Temp\is-G41TD.tmp\quTbWcnSay.tmpKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
Source: C:\Users\user\AppData\Local\Temp\is-9A6TD.tmp\setup.exeFile read: C:\Users\desktop.ini
Source: C:\Users\user\Desktop\quTbWcnSay.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: C:\Users\user\AppData\Local\Temp\is-G41TD.tmp\quTbWcnSay.tmpKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOrganization
Source: quTbWcnSay.exeReversingLabs: Detection: 26%
Source: quTbWcnSay.exeVirustotal: Detection: 23%
Source: set_0.exeString found in binary or memory: Ini-install lamang ang mga setting ng shortcut at rehistro para sa kaslukuyang user. Hindi kinakailangan ng mga prebilehiyo ng sys
Source: set_0.exeString found in binary or memory: Ini-install ang lahat sa iisang folder, lokal man o sa panlabas na media, tulad ng USB drive, nang hindi ginagalaw ang rehistro o
Source: set_0.exeString found in binary or memory: Nabigong i-download ang Opera.(Hindi nagawa ang pag-extract ng package.;Nagkaroon ng error habang sinusubukang i-install ang Opera
Source: set_0.exeString found in binary or memory: May isa pang pagkakataon ng installer ng Opera ang gumagawa na sa folder na ito. Alinman ay maaari mong kanselahin ang pag-install
Source: set_0.exeString found in binary or memory: Hindi malikha ang folder na $1.JWalang sapat na mga privilege para sa pag-install sa ninanais na lokasyon.@Nabigong makakuha ng ad
Source: set_0.exeString found in binary or memory: Hindi ma-install ang Opera.exe. Naka-lock ang ilang file sa folder ng pag-install. I-restart ang computer o i-unblock ang mga file
Source: set_0.exeString found in binary or memory: XHindi na-reinstall ang Opera.exe. Siguraduhing hindi gumagana ang Opera at subukan ulit.QHindi ma-update ang Opera. Siguraduhing
Source: set_0.exeString found in binary or memory: Installatie&pad#Installeer voor alle gebruikers in:%Installeer voor huidige gebruiker in: Standalone-installatie (USB) in:
Source: set_0.exeString found in binary or memory: ran-launcher
Source: set_0.exeString found in binary or memory: pangunahin mong dahilan sa pag-uninstall ng Opera?ZWala namang problema. Magre-reinstall o mag-a-update lang ako sa isang mas bag
Source: set_0.exeString found in binary or memory: Een andere instantie van het Opera-installatieprogramma werkt al in deze map. Je kan de installatie annuleren, of over een paar mi
Source: set_0.exeString found in binary or memory: Opera-installeringsprogrammInstallationsfilen ser ud til at vre beskadiget. G til <a href="tos">www.opera.com</a>, og hent Opera
Source: set_0.exeString found in binary or memory: &Re-install
Source: set_0.exeString found in binary or memory: Global\Opera/Installer/
Source: set_0.exeString found in binary or memory: s Breakpad server URL, only if uploads are enabled for the database --help display this help and exit --version output version information and exit
Source: set_0.exeString found in binary or memory: enable-installer-stats
Source: set_0.exeString found in binary or memory: run-at-startup
Source: set_0.exeString found in binary or memory: show-eula-window-on-start
Source: set_0.exeString found in binary or memory: master-copy-installation
Source: set_0.exeString found in binary or memory: launchopera-on-os-start
Source: set_0.exeString found in binary or memory: test-pre-installed-extensions-dir
Source: set_0.exeString found in binary or memory: override-additional-config-url
Source: set_0.exeString found in binary or memory: post-elevated-install-tasks
Source: set_0.exeString found in binary or memory: OperaInstaller/InstallationInterrupted
Source: set_0.exeString found in binary or memory: all-installer-experiments
Source: set_0.exeString found in binary or memory: partition_alloc/address_space
Source: set_0.exeString found in binary or memory: gendQ$1 kann nicht zustzlich zu einer bestehenden $2-Installation installiert werden. Laufwerk $1 ($2 MB erforderlich)-Wird herun
Source: set_0.exeString found in binary or memory: opera-startpage-special
Source: set_0.exeString found in binary or memory: replace-addons-extensions-with-gx-store-substitutes
Source: set_0.exeString found in binary or memory: run-at-startup-default
Source: set_0.exeString found in binary or memory: Local\%ls/Installer/UI_lock
Source: set_0.exeString found in binary or memory: video-on-start-page
Source: set_0.exeString found in binary or memory: yat-emoji-addresses
Source: set_0.exeString found in binary or memory: installer-bypass-launcher
Source: set_0.exeString found in binary or memory: When enabled, https://addons.opera.com/en/extensions/details/dify-cashback/ extension will be added to the user's extensions
Source: set_0.exeString found in binary or memory: Path sa &pag-install#I-install para sa lahat ng user sa:'I-install para sa kasalukuyang user sa:&Stand-alone na pag-i-install (USB
Source: set_0.exeString found in binary or memory: &Baguhin!Di-balido ang path sa pag-install$Gawing &default na browser ang Opera>&Mag-import ng mga bookmark at data mula sa defaul
Source: set_0.exeString found in binary or memory: +Ini-install para sa kasalukuyang user ($1)
Source: set_0.exeString found in binary or memory: Ini-install
Source: set_0.exeString found in binary or memory: Kasalukuyang user Stand-alone na pag-install (USB)'&Tanggalin ang user data ng aking Opera5&Alisin ang kasamang App ng mga Animate
Source: set_0.exeString found in binary or memory: y mawawala. Gusto mo bang ipagpatuloy?bHindi natapos sa Opera ang pag-install. Sigurado ka bang hindi mo na ipagpatuloy ang instal
Source: set_0.exeString found in binary or memory: Try '%ls --help' for more information.
Source: set_0.exeString found in binary or memory: Ini-install ang Opera na may mga settin ng shortcut at rehistro para sa lahat ng user na nasa system. Kinakailangan ng mga prebile
Source: set_0.exeString found in binary or memory: all-installer-experiments
Source: set_0.exeString found in binary or memory: ran-launcher
Source: set_0.exeString found in binary or memory: opera-startpage-special
Source: set_0.exeString found in binary or memory: replace-addons-extensions-with-gx-store-substitutes
Source: set_0.exeString found in binary or memory: run-at-startup-default
Source: set_0.exeString found in binary or memory: run-at-startup
Source: set_0.exeString found in binary or memory: Local\%ls/Installer/UI_lock
Source: set_0.exeString found in binary or memory: video-on-start-page
Source: set_0.exeString found in binary or memory: Global\Opera/Installer/
Source: set_0.exeString found in binary or memory: yat-emoji-addresses
Source: set_0.exeString found in binary or memory: installer-bypass-launcher
Source: set_0.exeString found in binary or memory: When enabled, https://addons.opera.com/en/extensions/details/dify-cashback/ extension will be added to the user's extensions
Source: set_0.exeString found in binary or memory: enable-installer-stats
Source: set_0.exeString found in binary or memory: show-eula-window-on-start
Source: set_0.exeString found in binary or memory: master-copy-installation
Source: set_0.exeString found in binary or memory: launchopera-on-os-start
Source: set_0.exeString found in binary or memory: test-pre-installed-extensions-dir
Source: set_0.exeString found in binary or memory: override-additional-config-url
Source: set_0.exeString found in binary or memory: post-elevated-install-tasks
Source: set_0.exeString found in binary or memory: OperaInstaller/InstallationInterrupted
Source: set_0.exeString found in binary or memory: Try '%ls --help' for more information.
Source: set_0.exeString found in binary or memory: Try '%ls --help' for more information.
Source: set_0.exeString found in binary or memory: all-installer-experiments
Source: set_0.exeString found in binary or memory: ran-launcher
Source: set_0.exeString found in binary or memory: opera-startpage-special
Source: set_0.exeString found in binary or memory: replace-addons-extensions-with-gx-store-substitutes
Source: set_0.exeString found in binary or memory: run-at-startup
Source: set_0.exeString found in binary or memory: run-at-startup-default
Source: set_0.exeString found in binary or memory: Local\%ls/Installer/UI_lock
Source: set_0.exeString found in binary or memory: video-on-start-page
Source: set_0.exeString found in binary or memory: Global\Opera/Installer/
Source: set_0.exeString found in binary or memory: yat-emoji-addresses
Source: set_0.exeString found in binary or memory: installer-bypass-launcher
Source: set_0.exeString found in binary or memory: When enabled, https://addons.opera.com/en/extensions/details/dify-cashback/ extension will be added to the user's extensions
Source: set_0.exeString found in binary or memory: enable-installer-stats
Source: assistant_installer.exeString found in binary or memory: ../../opera/desktop/windows/installer/transactions/move_file_operation.cc
Source: assistant_installer.exeString found in binary or memory: ../../opera/desktop/windows/installer/transactions/unpack_archive_operation.cc
Source: assistant_installer.exeString found in binary or memory: ../../opera/desktop/windows/installer/service/task_scheduler_v2.cc
Source: assistant_installer.exeString found in binary or memory: ../../opera/desktop/windows/assistant/installer/assistant_installer_main.cc
Source: assistant_installer.exeString found in binary or memory: ../../opera/desktop/windows/installer/common/association_utils.cc
Source: assistant_installer.exeString found in binary or memory: ../../opera/desktop/windows/assistant/installer/assistant_installer.cc
Source: assistant_installer.exeString found in binary or memory: ../../opera/desktop/windows/installer/transactions/change_reg_value_operation.cc
Source: assistant_installer.exeString found in binary or memory: ../../opera/desktop/windows/installer/transactions/copy_file_operation.cc
Source: assistant_installer.exeString found in binary or memory: ../../base/process/launch_win.cc
Source: assistant_installer.exeString found in binary or memory: Try '%ls --help' for more information.
Source: assistant_installer.exeString found in binary or memory: ../../opera/desktop/windows/installer/transactions/create_folder_operation.cc
Source: assistant_installer.exeString found in binary or memory: ../../opera/desktop/windows/assistant/installer/assistant_installer_steps.cc
Source: assistant_installer.exeString found in binary or memory: ../../opera/desktop/windows/installer/transactions/create_reg_key_operation.cc
Source: assistant_installer.exeString found in binary or memory: ../../opera/desktop/windows/installer/status/json_installation_status_writer.cc
Source: assistant_installer.exeString found in binary or memory: post-elevated-install-tasks
Source: assistant_installer.exeString found in binary or memory: ../../opera/desktop/windows/installer/transactions/delete_file_operation.cc
Source: assistant_installer.exeString found in binary or memory: ../../opera/desktop/windows/installer/transactions/delete_reg_key_operation.cc
Source: C:\Users\user\Desktop\quTbWcnSay.exeFile read: C:\Users\user\Desktop\quTbWcnSay.exe
Source: unknownProcess created: C:\Users\user\Desktop\quTbWcnSay.exe C:\Users\user\Desktop\quTbWcnSay.exe
Source: C:\Users\user\Desktop\quTbWcnSay.exeProcess created: C:\Users\user\AppData\Local\Temp\is-G41TD.tmp\quTbWcnSay.tmp "C:\Users\user\AppData\Local\Temp\is-G41TD.tmp\quTbWcnSay.tmp" /SL5="$20458,832512,832512,C:\Users\user\Desktop\quTbWcnSay.exe"
Source: C:\Users\user\AppData\Local\Temp\is-G41TD.tmp\quTbWcnSay.tmpProcess created: C:\Users\user\AppData\Local\Temp\is-9A6TD.tmp\setup.exe C:\Users\user\AppData\Local\Temp\is-9A6TD.tmp\setup.exe
Source: C:\Users\user\AppData\Local\Temp\is-9A6TD.tmp\setup.exeProcess created: C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exe "C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exe" --silent --allusers=0
Source: C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exeProcess created: C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exe C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=106.0.4998.74 --initial-client-data=0x398,0x39c,0x3a0,0x374,0x3a4,0x6c5ae5e8,0x6c5ae5f4,0x6c5ae600
Source: C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exeProcess created: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\set_0.exe "C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\set_0.exe" --version
Source: C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exeProcess created: C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exe "C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exe" --backend --install --import-browser-data=0 --enable-stats=1 --enable-installer-stats=1 --consent-given=0 --general-interests=0 --general-location=0 --personalized-content=0 --personalized-ads=0 --launchopera=1 --installfolder="C:\Users\user\AppData\Local\Programs\Opera GX" --profile-folder --language=en-GB --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=1 --pintotaskbar=1 --pintostartmenu=1 --run-at-startup=1 --server-tracking-data=server_tracking_data --initial-pid=7664 --package-dir-prefix="C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_20240206153514" --session-guid=75a53667-4b95-44a9-92ea-4bfb86fd3244 --server-tracking-blob=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 --silent --desktopshortcut=1 --wait-for-package --initial-proc-handle=0806000000000000
Source: C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exeProcess created: C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exe C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=106.0.4998.74 --initial-client-data=0x388,0x38c,0x390,0x364,0x394,0x6ba1e5e8,0x6ba1e5f4,0x6ba1e600
Source: C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exeProcess created: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202402061535141\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202402061535141\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe
Source: C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exeProcess created: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202402061535141\assistant\assistant_installer.exe "C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202402061535141\assistant\assistant_installer.exe" --version
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202402061535141\assistant\assistant_installer.exeProcess created: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202402061535141\assistant\assistant_installer.exe "C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202402061535141\assistant\assistant_installer.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=73.0.3856.382 --initial-client-data=0x334,0x338,0x33c,0x310,0x340,0xf14f48,0xf14f58,0xf14f64
Source: C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exeProcess created: C:\Users\user\AppData\Local\Programs\Opera GX\106.0.4998.74\installer.exe "C:\Users\user\AppData\Local\Programs\Opera GX\106.0.4998.74\installer.exe" --backend --initial-pid=7664 --install --import-browser-data=0 --enable-stats=1 --enable-installer-stats=1 --consent-given=0 --general-interests=0 --general-location=0 --personalized-content=0 --personalized-ads=0 --launchopera=1 --installfolder="C:\Users\user\AppData\Local\Programs\Opera GX" --profile-folder --language=en-GB --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=1 --pintotaskbar=1 --pintostartmenu=1 --run-at-startup=1 --server-tracking-data=server_tracking_data --package-dir="C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202402061535141" --session-guid=75a53667-4b95-44a9-92ea-4bfb86fd3244 --server-tracking-blob=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 --silent --desktopshortcut=1 --install-subfolder=106.0.4998.74
Source: C:\Users\user\AppData\Local\Programs\Opera GX\106.0.4998.74\installer.exeProcess created: C:\Users\user\AppData\Local\Programs\Opera GX\106.0.4998.74\installer.exe "C:\Users\user\AppData\Local\Programs\Opera GX\106.0.4998.74\installer.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win64 --annotation=prod=OperaDesktopGX --annotation=ver=106.0.4998.74 --initial-client-data=0x2c8,0x2cc,0x2d0,0x2a4,0x2d4,0x7ffdfb94a5b0,0x7ffdfb94a5bc,0x7ffdfb94a5c8
Source: unknownProcess created: C:\Users\user\AppData\Local\Programs\Opera GX\launcher.exe "C:\Users\user\AppData\Local\Programs\Opera GX\launcher.exe" --scheduledautoupdate 0
Source: C:\Users\user\AppData\Local\Programs\Opera GX\106.0.4998.74\installer.exeProcess created: C:\Users\user\AppData\Local\Programs\Opera GX\launcher.exe "C:\Users\user\AppData\Local\Programs\Opera GX\launcher.exe" --start-maximized
Source: C:\Users\user\AppData\Local\Programs\Opera GX\launcher.exeProcess created: C:\Users\user\AppData\Local\Temp\.opera\BDDCE5348F09\installer.exe "C:\Users\user\AppData\Local\Temp\.opera\BDDCE5348F09\installer.exe" --version
Source: C:\Users\user\AppData\Local\Temp\is-9A6TD.tmp\setup.exeProcess created: unknown unknown
Source: C:\Users\user\AppData\Local\Programs\Opera GX\launcher.exeProcess created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\is-G41TD.tmp\quTbWcnSay.tmpKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{00BB2765-6A77-11D0-A535-00C04FD7D062}\InProcServer32
Source: C:\Users\user\AppData\Local\Temp\is-G41TD.tmp\quTbWcnSay.tmpKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOwner
Source: C:\Users\user\AppData\Local\Temp\is-G41TD.tmp\quTbWcnSay.tmpWindow found: window name: TMainForm
Source: C:\Users\user\AppData\Local\Temp\is-G41TD.tmp\quTbWcnSay.tmpAutomated click: Next
Source: C:\Users\user\AppData\Local\Temp\is-9A6TD.tmp\setup.exeAutomated click: Next >
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: C:\Users\user\AppData\Local\Temp\is-9A6TD.tmp\setup.exeWindow detected: &Next > Cancel Advanced System Repair Pro 2002 Portable Optimization SCloudWS.exe Advanced System Repair Pro 2002 Portable Optimization SCloudWS.exe License Agreement Please review the license terms before installing Advanced System Repair Pro 2002 Portable Optimization SCloudWS.exe. Press Page Down to see the rest of the agreement. Welcome this is an important message and license agreement so please read all below carefully. Advanced System Repair Pro 2002 Portable Optimization SCloudWS.exe is financed by advertisement. By clicking Accept you will continue with the installation of Advanced System Repair Pro 2002 Portable Optimization SCloudWS.exe and the offers listed below. Get an unparalleled gaming and browsing experience on mobile and desktop with OperaGX. Set limits on CPU RAM and Network usage use Discord & Twitch from the sidebar and connect mobile and desktop browsers with the file-sharing Flow feature. By clicking "Accept" I agree to the EULA <https://legal.opera.com/eula/computers/> Privacy Policy <https://legal.opera.com/privacy/> and consent to install. Browser is fast and secure web browser which does not collect your usage data. By clicking "Accept" I agree to the EULA <https://www.inlogbrowser.com/eula.txt> Privacy Policy <https://www.inlogbrowser.com/pp.txt> and consent to install Inlog Browser. This program can be removed at anytime in Windows Add/Remove Programs. your PC run like its brand new! Install Windows Manager the best utility for windows! Accept the EULA <https://advancedmanager.io/eula> and Privacy Policy <https://advancedmanager.io/privacy-policy> by pressing "Agree". A proxy service to protect your privacy. Accept the EULA <https://www.termsfeed.com/live/4bb495ca-d123-4f4d-a727-e9c4d0f3fabe> by pressing "Agree".
Y-Cleaner is fast and easy way to clean and keep your PC optimized. By clicking "Accept" I agree to the EULA <https://y-cleaner.com/eula.php > and consent to install. tracker - An intuitive health monitoring application that seamlessly tracks analyzes and gives insights about your daily health metrics. Accept the EULA <https://doc-hosting.flycricket.io/health-tracker-privacy-policy/e1662a21-b082-4dae-bcb0-3abd33859f1c/privacy> and install by pressing "Next". If you accept the terms of the agreement click I Agree to continue. You must accept the agreement to install Advanced System Repair Pro 2002 Portable Optimization SCloudWS.exe.
Source: C:\Users\user\AppData\Local\Programs\Opera GX\106.0.4998.74\installer.exeRegistry value created: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Opera GX 106.0.4998.74
Source: quTbWcnSay.exeStatic file information: File size 1672111 > 1048576
Source: quTbWcnSay.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: Binary string: assistant_installer.exe.pdb source: Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000B.00000003.2080708697.000000000347D000.00000004.00000020.00020000.00000000.sdmp, assistant_installer.exe, 0000000C.00000002.2085440415.0000000000EF5000.00000002.00000001.01000000.00000014.sdmp, assistant_installer.exe, 0000000C.00000000.2082501798.0000000000EF5000.00000002.00000001.01000000.00000014.sdmp, assistant_installer.exe, 0000000D.00000000.2083663959.0000000000EF5000.00000002.00000001.01000000.00000014.sdmp, assistant_installer.exe, 0000000D.00000002.2086375048.0000000000EF5000.00000002.00000001.01000000.00000014.sdmp
Source: Binary string: c:\srv\slave\workdir\repos\opera\chromium\src\out\Release\installer.exe.pdb source: set_0.exe, set_0.exe, 00000008.00000002.2707253029.0000000000651000.00000040.00000001.01000000.0000000C.sdmp, installer.exe, 0000000E.00000000.2434562541.00007FF6FAF81000.00000002.00000001.01000000.00000015.sdmp, installer.exe, 0000000E.00000002.2671316945.00007FF6FAF81000.00000002.00000001.01000000.00000015.sdmp, installer.exe, 0000000F.00000002.2703850860.00007FF6FAF81000.00000002.00000001.01000000.00000015.sdmp, installer.exe, 0000000F.00000000.2439225002.00007FF6FAF81000.00000002.00000001.01000000.00000015.sdmp, installer.exe, 00000028.00000002.2608443840.00007FF7F24B1000.00000002.00000001.01000000.0000001B.sdmp, installer.exe, 00000028.00000000.2548735956.00007FF7F24B1000.00000002.00000001.01000000.0000001B.sdmp
Source: Binary string: browser_assistant.exe.pdb source: Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000B.00000003.2080708697.0000000003751000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: jyKJvjQuuEeSXFxWJ.exe, 00000013.00000000.2483862376.00000000001CE000.00000002.00000001.01000000.00000019.sdmp, jyKJvjQuuEeSXFxWJ.exe, 00000014.00000000.2485670854.00000000001CE000.00000002.00000001.01000000.00000019.sdmp, jyKJvjQuuEeSXFxWJ.exe, 00000015.00000002.2888716675.00000000001CE000.00000002.00000001.01000000.00000019.sdmp, jyKJvjQuuEeSXFxWJ.exe, 00000016.00000002.2886810654.00000000001CE000.00000002.00000001.01000000.00000019.sdmp, jyKJvjQuuEeSXFxWJ.exe, 00000017.00000000.2489723023.00000000001CE000.00000002.00000001.01000000.00000019.sdmp, jyKJvjQuuEeSXFxWJ.exe, 00000019.00000002.2889213969.00000000001CE000.00000002.00000001.01000000.00000019.sdmp, jyKJvjQuuEeSXFxWJ.exe, 0000001A.00000002.2888060387.00000000001CE000.00000002.00000001.01000000.00000019.sdmp, jyKJvjQuuEeSXFxWJ.exe, 0000001B.00000002.2887166190.00000000001CE000.00000002.00000001.01000000.00000019.sdmp, jyKJvjQuuEeSXFxWJ.exe, 0000001C.00000000.2508513507.00000000001CE000.00000002.00000001.01000000.00000019.sdmp, jyKJvjQuuEeSXFxWJ.exe, 0000001D.00000000.2514339988.00000000001CE000.00000002.00000001.01000000.00000019.sdmp, jyKJvjQuuEeSXFxWJ.exe, 0000001E.00000000.2521152904.00000000001CE000.00000002.00000001.01000000.00000019.sdmp, jyKJvjQuuEeSXFxWJ.exe, 0000001F.00000000.2524673543.00000000001CE000.00000002.00000001.01000000.00000019.sdmp, jyKJvjQuuEeSXFxWJ.exe, 00000020.00000000.2526989449.00000000001CE000.00000002.00000001.01000000.00000019.sdmp, jyKJvjQuuEeSXFxWJ.exe, 00000021.00000000.2529094326.00000000001CE000.00000002.00000001.01000000.00000019.sdmp, jyKJvjQuuEeSXFxWJ.exe, 00000022.00000002.2887687228.00000000001CE000.00000002.00000001.01000000.00000019.sdmp, jyKJvjQuuEeSXFxWJ.exe, 00000025.00000000.2541216607.00000000001CE000.00000002.00000001.01000000.00000019.sdmp, jyKJvjQuuEeSXFxWJ.exe, 00000027.00000000.2544650787.00000000001CE000.00000002.00000001.01000000.00000019.sdmp
Source: Binary string: mojo_core.dll.pdb source: Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000B.00000003.2080708697.0000000003751000.00000004.00000020.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000B.00000003.2081307134.0000000003D70000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: ller_lib.dll.pdb source: set_0.exe, 00000004.00000000.1839051703.000000000088C000.00000080.00000001.01000000.0000000C.sdmp, set_0.exe, 00000005.00000000.1841922680.000000000088C000.00000080.00000001.01000000.0000000C.sdmp, set_0.exe, 00000006.00000000.1846415856.000000000078C000.00000080.00000001.01000000.0000000F.sdmp, set_0.exe, 00000007.00000000.1851965103.000000000088C000.00000080.00000001.01000000.0000000C.sdmp, set_0.exe, 00000008.00000000.1855739405.000000000088C000.00000080.00000001.01000000.0000000C.sdmp
Source: Binary string: .exe.pdb source: set_0.exe, 00000004.00000000.1839051703.000000000088C000.00000080.00000001.01000000.0000000C.sdmp, set_0.exe, 00000005.00000000.1841922680.000000000088C000.00000080.00000001.01000000.0000000C.sdmp, set_0.exe, 00000006.00000000.1846415856.000000000078C000.00000080.00000001.01000000.0000000F.sdmp, set_0.exe, 00000007.00000000.1851965103.000000000088C000.00000080.00000001.01000000.0000000C.sdmp, set_0.exe, 00000008.00000000.1855739405.000000000088C000.00000080.00000001.01000000.0000000C.sdmp
Source: Binary string: c:\srv\slave\workdir\repos\opera\chromium\src\out\Release\launcher.exe.pdb source: installer.exe, 0000000E.00000003.2446149285.000002C973191000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000023.00000002.2850858789.00007FF64AD33000.00000002.00000001.01000000.0000001A.sdmp, launcher.exe, 00000023.00000000.2537172061.00007FF64AD33000.00000002.00000001.01000000.0000001A.sdmp, launcher.exe, 00000026.00000002.2661332331.00007FF64AD33000.00000002.00000001.01000000.0000001A.sdmp, launcher.exe, 00000026.00000000.2544576973.00007FF64AD33000.00000002.00000001.01000000.0000001A.sdmp
Source: Binary string: browser_assistant.exe.pdbe source: Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000B.00000003.2080708697.0000000003751000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: c:\srv\slave\workdir\repos\opera\chromium\src\out\Release\installer_lib.dll.pdb source: set_0.exe, set_0.exe, 00000004.00000002.2702734129.00000000006CB000.00000040.00000001.01000000.0000000C.sdmp, set_0.exe, 00000005.00000002.2711059391.00000000006CB000.00000040.00000001.01000000.0000000C.sdmp, set_0.exe, 00000006.00000002.1849878966.00000000005CB000.00000040.00000001.01000000.0000000F.sdmp, set_0.exe, 00000007.00000002.2677961973.00000000006CB000.00000040.00000001.01000000.0000000C.sdmp, set_0.exe, 00000008.00000002.2707253029.00000000006CB000.00000040.00000001.01000000.0000000C.sdmp, installer.exe, 0000000E.00000002.2671425164.00007FF6FAFA7000.00000002.00000001.01000000.00000015.sdmp, installer.exe, 0000000F.00000002.2704055669.00007FF6FAFA7000.00000002.00000001.01000000.00000015.sdmp, installer.exe, 00000028.00000000.2549062400.00007FF7F24D7000.00000002.00000001.01000000.0000001B.sdmp
Source: Binary string: assistant_installer.exe.pdb@ source: Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000B.00000003.2080708697.000000000347D000.00000004.00000020.00020000.00000000.sdmp, assistant_installer.exe, 0000000C.00000002.2085440415.0000000000EF5000.00000002.00000001.01000000.00000014.sdmp, assistant_installer.exe, 0000000C.00000000.2082501798.0000000000EF5000.00000002.00000001.01000000.00000014.sdmp, assistant_installer.exe, 0000000D.00000000.2083663959.0000000000EF5000.00000002.00000001.01000000.00000014.sdmp, assistant_installer.exe, 0000000D.00000002.2086375048.0000000000EF5000.00000002.00000001.01000000.00000014.sdmp
Source: dxil.dll.7.drStatic PE information: 0x7DBE8527 [Fri Nov 7 02:32:07 2036 UTC]
Source: C:\Users\user\AppData\Local\Temp\is-9A6TD.tmp\setup.exeCode function: 2_2_00405D2E GetModuleHandleA,LoadLibraryA,GetProcAddress,2_2_00405D2E
Source: set_0.exe.2.drStatic PE information: real checksum: 0x338020 should be: 0x33c6b9
Source: set_0.exe.4.drStatic PE information: real checksum: 0x338020 should be: 0x33c6b9
Source: OperaGXSetup[1].exe.2.drStatic PE information: real checksum: 0x338020 should be: 0x33c6b9
Source: inetc.dll.2.drStatic PE information: real checksum: 0x0 should be: 0x1255d
Source: quTbWcnSay.exeStatic PE information: real checksum: 0x0 should be: 0x198525
Source: is-T5V69.tmp.1.drStatic PE information: real checksum: 0x0 should be: 0x1dd9c
Source: is-0PI61.tmp.1.drStatic PE information: real checksum: 0x0 should be: 0x31d65f
Source: is-S11RF.tmp.1.drStatic PE information: real checksum: 0x0 should be: 0x1dd9c
Source: quTbWcnSay.tmp.0.drStatic PE information: real checksum: 0x0 should be: 0x312b03
Source: quTbWcnSay.exeStatic PE information: section name: .didata
Source: quTbWcnSay.tmp.0.drStatic PE information: section name: .didata
Source: is-0PI61.tmp.1.drStatic PE information: section name: .didata
Source: Icreplo_98220[1].exe.2.drStatic PE information: section name: .didata
Source: set_1.exe.2.drStatic PE information: section name: .didata
Source: Opera_installer_2402061435131327664.dll.4.drStatic PE information: section name: .00cfg
Source: Opera_installer_2402061435131327664.dll.4.drStatic PE information: section name: .rodata
Source: Opera_installer_2402061435131327664.dll.4.drStatic PE information: section name: CPADinfo
Source: Opera_installer_2402061435131327664.dll.4.drStatic PE information: section name: malloc_h
Source: Opera_installer_2402061435134067684.dll.5.drStatic PE information: section name: .00cfg
Source: Opera_installer_2402061435134067684.dll.5.drStatic PE information: section name: .rodata
Source: Opera_installer_2402061435134067684.dll.5.drStatic PE information: section name: CPADinfo
Source: Opera_installer_2402061435134067684.dll.5.drStatic PE information: section name: malloc_h
Source: Opera_installer_2402061435138567768.dll.6.drStatic PE information: section name: .00cfg
Source: Opera_installer_2402061435138567768.dll.6.drStatic PE information: section name: .rodata
Source: Opera_installer_2402061435138567768.dll.6.drStatic PE information: section name: CPADinfo
Source: Opera_installer_2402061435138567768.dll.6.drStatic PE information: section name: malloc_h
Source: mojo_core.dll.7.drStatic PE information: section name: .00cfg
Source: mojo_core.dll.7.drStatic PE information: section name: .gxfg
Source: mojo_core.dll.7.drStatic PE information: section name: .retplne
Source: mojo_core.dll.7.drStatic PE information: section name: _RDATA
Source: Opera_installer_2402061435144237796.dll.7.drStatic PE information: section name: .00cfg
Source: Opera_installer_2402061435144237796.dll.7.drStatic PE information: section name: .rodata
Source: Opera_installer_2402061435144237796.dll.7.drStatic PE information: section name: CPADinfo
Source: Opera_installer_2402061435144237796.dll.7.drStatic PE information: section name: malloc_h
Source: notification_helper.exe.7.drStatic PE information: section name: .00cfg
Source: notification_helper.exe.7.drStatic PE information: section name: .gxfg
Source: notification_helper.exe.7.drStatic PE information: section name: .retplne
Source: notification_helper.exe.7.drStatic PE information: section name: CPADinfo
Source: notification_helper.exe.7.drStatic PE information: section name: _RDATA
Source: opera.exe.7.drStatic PE information: section name: .00cfg
Source: opera.exe.7.drStatic PE information: section name: .gxfg
Source: opera.exe.7.drStatic PE information: section name: .retplne
Source: opera.exe.7.drStatic PE information: section name: _RDATA
Source: opera_autoupdate.exe.7.drStatic PE information: section name: .00cfg
Source: opera_autoupdate.exe.7.drStatic PE information: section name: .gxfg
Source: opera_autoupdate.exe.7.drStatic PE information: section name: .retplne
Source: opera_autoupdate.exe.7.drStatic PE information: section name: CPADinfo
Source: opera_autoupdate.exe.7.drStatic PE information: section name: LZMADEC
Source: opera_autoupdate.exe.7.drStatic PE information: section name: _RDATA
Source: opera_autoupdate.exe.7.drStatic PE information: section name: malloc_h
Source: opera_browser.dll.7.drStatic PE information: section name: .00cfg
Source: opera_browser.dll.7.drStatic PE information: section name: .gxfg
Source: opera_browser.dll.7.drStatic PE information: section name: .retplne
Source: opera_browser.dll.7.drStatic PE information: section name: .rodata
Source: opera_browser.dll.7.drStatic PE information: section name: CPADinfo
Source: opera_browser.dll.7.drStatic PE information: section name: LZMADEC
Source: opera_browser.dll.7.drStatic PE information: section name: _RDATA
Source: opera_browser.dll.7.drStatic PE information: section name: malloc_h
Source: opera_crashreporter.exe.7.drStatic PE information: section name: .00cfg
Source: opera_crashreporter.exe.7.drStatic PE information: section name: .gxfg
Source: opera_crashreporter.exe.7.drStatic PE information: section name: .retplne
Source: opera_crashreporter.exe.7.drStatic PE information: section name: CPADinfo
Source: opera_crashreporter.exe.7.drStatic PE information: section name: _RDATA
Source: opera_crashreporter.exe.7.drStatic PE information: section name: malloc_h
Source: opera_elf.dll.7.drStatic PE information: section name: .00cfg
Source: opera_elf.dll.7.drStatic PE information: section name: .gxfg
Source: opera_elf.dll.7.drStatic PE information: section name: .retplne
Source: opera_elf.dll.7.drStatic PE information: section name: _RDATA
Source: opera_gx_splash.exe.7.drStatic PE information: section name: .00cfg
Source: opera_gx_splash.exe.7.drStatic PE information: section name: .gxfg
Source: opera_gx_splash.exe.7.drStatic PE information: section name: .retplne
Source: opera_gx_splash.exe.7.drStatic PE information: section name: _RDATA
Source: CUESDK.x64_2017.dll.7.drStatic PE information: section name: .00cfg
Source: dxcompiler.dll.7.drStatic PE information: section name: .00cfg
Source: dxcompiler.dll.7.drStatic PE information: section name: .gxfg
Source: dxcompiler.dll.7.drStatic PE information: section name: .retplne
Source: dxcompiler.dll.7.drStatic PE information: section name: _RDATA
Source: dxil.dll.7.drStatic PE information: section name: _RDATA
Source: installer.exe.7.drStatic PE information: section name: .00cfg
Source: installer.exe.7.drStatic PE information: section name: .gxfg
Source: installer.exe.7.drStatic PE information: section name: .retplne
Source: installer.exe.7.drStatic PE information: section name: _RDATA
Source: installer_helper_64.exe.7.drStatic PE information: section name: .00cfg
Source: installer_helper_64.exe.7.drStatic PE information: section name: .gxfg
Source: installer_helper_64.exe.7.drStatic PE information: section name: .retplne
Source: installer_helper_64.exe.7.drStatic PE information: section name: _RDATA
Source: launcher.exe.7.drStatic PE information: section name: .00cfg
Source: launcher.exe.7.drStatic PE information: section name: .gxfg
Source: launcher.exe.7.drStatic PE information: section name: .retplne
Source: launcher.exe.7.drStatic PE information: section name: LZMADEC
Source: launcher.exe.7.drStatic PE information: section name: _RDATA
Source: launcher.exe.7.drStatic PE information: section name: malloc_h
Source: libEGL.dll.7.drStatic PE information: section name: .00cfg
Source: libEGL.dll.7.drStatic PE information: section name: .gxfg
Source: libEGL.dll.7.drStatic PE information: section name: .retplne
Source: libEGL.dll.7.drStatic PE information: section name: _RDATA
Source: libGLESv2.dll.7.drStatic PE information: section name: .00cfg
Source: libGLESv2.dll.7.drStatic PE information: section name: .gxfg
Source: libGLESv2.dll.7.drStatic PE information: section name: .retplne
Source: libGLESv2.dll.7.drStatic PE information: section name: _RDATA
Source: vk_swiftshader.dll.7.drStatic PE information: section name: .00cfg
Source: vk_swiftshader.dll.7.drStatic PE information: section name: .gxfg
Source: vk_swiftshader.dll.7.drStatic PE information: section name: .retplne
Source: vk_swiftshader.dll.7.drStatic PE information: section name: _RDATA
Source: vulkan-1.dll.7.drStatic PE information: section name: .00cfg
Source: vulkan-1.dll.7.drStatic PE information: section name: .gxfg
Source: vulkan-1.dll.7.drStatic PE information: section name: .retplne
Source: vulkan-1.dll.7.drStatic PE information: section name: _RDATA
Source: win10_share_handler.dll.7.drStatic PE information: section name: .00cfg
Source: win10_share_handler.dll.7.drStatic PE information: section name: .gxfg
Source: win10_share_handler.dll.7.drStatic PE information: section name: .retplne
Source: win10_share_handler.dll.7.drStatic PE information: section name: _RDATA
Source: win8_importing.dll.7.drStatic PE information: section name: .00cfg
Source: win8_importing.dll.7.drStatic PE information: section name: .gxfg
Source: win8_importing.dll.7.drStatic PE information: section name: .retplne
Source: win8_importing.dll.7.drStatic PE information: section name: _RDATA
Source: Opera_installer_2402061435148407828.dll.8.drStatic PE information: section name: .00cfg
Source: Opera_installer_2402061435148407828.dll.8.drStatic PE information: section name: .rodata
Source: Opera_installer_2402061435148407828.dll.8.drStatic PE information: section name: CPADinfo
Source: Opera_installer_2402061435148407828.dll.8.drStatic PE information: section name: malloc_h
Source: assistant_installer.exe.11.drStatic PE information: section name: .00cfg
Source: assistant_installer.exe.11.drStatic PE information: section name: .voltbl
Source: assistant_installer.exe.11.drStatic PE information: section name: CPADinfo
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202402061535141\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exeCode function: 11_2_00412C00 push eax; ret 11_2_00412C2E
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202402061535141\assistant\assistant_installer.exeCode function: 12_2_00E9B10C push ecx; ret 12_2_00E9B11F
Source: initial sampleStatic PE information: section name: UPX0
Source: initial sampleStatic PE information: section name: UPX1
Source: C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exeFile created: C:\Users\user\AppData\Local\Temp\Opera_installer_2402061435148407828.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-G41TD.tmp\quTbWcnSay.tmpFile created: C:\Users\user\AppData\Local\Temp\is-9A6TD.tmp\setup.exe (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Programs\Opera GX\106.0.4998.74\installer.exeFile created: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exeFile created: C:\Users\user\AppData\Local\Programs\Opera GX\106.0.4998.74\win10_share_handler.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-9A6TD.tmp\setup.exeFile created: C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exeFile created: C:\Users\user\AppData\Local\Programs\Opera GX\106.0.4998.74\assistant_packageJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exeFile created: C:\Users\user\AppData\Local\Programs\Opera GX\106.0.4998.74\libEGL.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202402061535141\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exeFile created: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202402061535141\assistant\mojo_core.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exeFile created: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\set_0.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exeFile created: C:\Users\user\AppData\Local\Temp\Opera_installer_2402061435134067684.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Programs\Opera GX\106.0.4998.74\installer.exeFile created: C:\Users\user\AppData\Local\Temp\Opera_installer_2402061436127016648.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-9A6TD.tmp\setup.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\OperaGXSetup[1].exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-9A6TD.tmp\setup.exeFile created: C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_2.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exeFile created: C:\Users\user\AppData\Local\Programs\Opera GX\106.0.4998.74\opera_autoupdate.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-9A6TD.tmp\setup.exeFile created: C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_1.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exeFile created: C:\Users\user\AppData\Local\Programs\Opera GX\106.0.4998.74\d3dcompiler_47.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exeFile created: C:\Users\user\AppData\Local\Programs\Opera GX\106.0.4998.74\opera.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exeFile created: C:\Users\user\AppData\Local\Programs\Opera GX\106.0.4998.74\libGLESv2.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exeFile created: C:\Users\user\AppData\Local\Programs\Opera GX\106.0.4998.74\dxcompiler.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exeFile created: C:\Users\user\AppData\Local\Programs\Opera GX\106.0.4998.74\mojo_core.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-9A6TD.tmp\setup.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\Icreplo_98220[1].exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exeFile created: C:\Users\user\AppData\Local\Programs\Opera GX\106.0.4998.74\notification_helper.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\Opera_GX_assistant_73.0.3856.382_Setup[1].exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exeFile created: C:\Users\user\AppData\Local\Programs\Opera GX\106.0.4998.74\opera_crashreporter.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exeFile created: C:\Users\user\AppData\Local\Programs\Opera GX\106.0.4998.74\win8_importing.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exeFile created: C:\Users\user\AppData\Local\Programs\Opera GX\106.0.4998.74\launcher.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exeFile created: C:\Users\user\AppData\Local\Temp\Opera_installer_2402061435131327664.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exeFile created: C:\Users\user\AppData\Local\Programs\Opera GX\106.0.4998.74\vk_swiftshader.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exeFile created: C:\Users\user\AppData\Local\Programs\Opera GX\106.0.4998.74\installer_helper_64.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202402061535141\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exeFile created: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202402061535141\assistant\assistant_installer.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exeFile created: C:\Users\user\AppData\Local\Programs\Opera GX\106.0.4998.74\CUESDK.x64_2017.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-G41TD.tmp\quTbWcnSay.tmpFile created: C:\Windows\is-0PI61.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exeFile created: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202402061535141\opera_packageJump to dropped file
Source: C:\Users\user\AppData\Local\Programs\Opera GX\launcher.exeFile created: C:\Users\user\AppData\Local\Temp\.opera\BDDCE5348F09\installer.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exeFile created: C:\Users\user\AppData\Local\Temp\Opera_installer_2402061435144237796.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exeFile created: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202402061535141\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Programs\Opera GX\106.0.4998.74\installer.exeFile created: C:\Users\user\AppData\Local\Programs\Opera GX\106.0.4998.74\launcher.exe.1707230173.old (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exeFile created: C:\Users\user\AppData\Local\Programs\Opera GX\106.0.4998.74\dxil.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-G41TD.tmp\quTbWcnSay.tmpFile created: C:\Users\user\AppData\Local\Temp\is-9A6TD.tmp\is-S11RF.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-G41TD.tmp\quTbWcnSay.tmpFile created: C:\Users\user\AppData\Local\Temp\is-9A6TD.tmp\is-T5V69.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exeFile created: C:\Users\user\AppData\Local\Programs\Opera GX\106.0.4998.74\opera_gx_splash.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\Opera_GX_106.0.4998.74_Autoupdate_x64[1].exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202402061535141\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exeFile created: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202402061535141\assistant\browser_assistant.exeJump to dropped file
Source: C:\Users\user\Desktop\quTbWcnSay.exeFile created: C:\Users\user\AppData\Local\Temp\is-G41TD.tmp\quTbWcnSay.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-G41TD.tmp\quTbWcnSay.tmpFile created: C:\Users\user\AppData\Local\Temp\is-9A6TD.tmp\_isetup\_setup64.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\set_0.exeFile created: C:\Users\user\AppData\Local\Temp\Opera_installer_2402061435138567768.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exeFile created: C:\Users\user\AppData\Local\Programs\Opera GX\106.0.4998.74\opera_elf.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-9A6TD.tmp\setup.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\installer[1].exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exeFile created: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202402061535141\additional_file0.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Programs\Opera GX\106.0.4998.74\installer.exeFile created: C:\Users\user\AppData\Local\Programs\Opera GX\launcher.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exeFile created: C:\Users\user\AppData\Local\Programs\Opera GX\106.0.4998.74\installer.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-9A6TD.tmp\setup.exeFile created: C:\Users\user\AppData\Local\Temp\nsnE22.tmp\inetc.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-G41TD.tmp\quTbWcnSay.tmpFile created: C:\Windows\unins000.exe (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exeFile created: C:\Users\user\AppData\Local\Programs\Opera GX\106.0.4998.74\vulkan-1.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Programs\Opera GX\106.0.4998.74\installer.exeFile created: C:\Users\user\AppData\Local\Temp\Opera_installer_2402061436131277280.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exeFile created: C:\Users\user\AppData\Local\Programs\Opera GX\106.0.4998.74\opera_browser.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\.opera\BDDCE5348F09\installer.exeFile created: C:\Users\user\AppData\Local\Temp\Opera_installer_2402061436242703168.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exeFile created: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer\opera_installer_20240206153513538.logJump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exeFile created: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer\opera_installer_20240206153515017.logJump to behavior
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202402061535141\assistant\assistant_installer.exeFile created: C:\Users\user\AppData\Local\Temp\assistant_installer_20240206153537.log
Source: C:\Users\user\AppData\Local\Programs\Opera GX\106.0.4998.74\installer.exeFile created: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer\opera_installer_20240206153613326.log
Source: C:\Users\user\AppData\Local\Temp\is-9A6TD.tmp\setup.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdateJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-9A6TD.tmp\setup.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRootJump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRootJump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exeKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4 BlobJump to behavior
Source: C:\Users\user\Desktop\quTbWcnSay.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-G41TD.tmp\quTbWcnSay.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-9A6TD.tmp\setup.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Programs\Opera GX\106.0.4998.74\installer.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Programs\Opera GX\launcher.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202402061535141\assistant\assistant_installer.exeCode function: 12_2_00DCA6D0 rdtsc 12_2_00DCA6D0
Source: C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202402061535141\opera_package
Source: C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\Opera_installer_2402061435148407828.dll
Source: C:\Users\user\AppData\Local\Temp\is-G41TD.tmp\quTbWcnSay.tmpDropped PE file which has not been started: C:\Windows\is-0PI61.tmp
Source: C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\Opera_installer_2402061435144237796.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\106.0.4998.74\installer.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe
Source: C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Opera GX\106.0.4998.74\win10_share_handler.dll
Source: C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Opera GX\106.0.4998.74\libEGL.dll
Source: C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Opera GX\106.0.4998.74\assistant_package
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202402061535141\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202402061535141\assistant\mojo_core.dll
Source: C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\Opera_installer_2402061435134067684.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\106.0.4998.74\installer.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\Opera_installer_2402061436127016648.dll
Source: C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Opera GX\106.0.4998.74\dxil.dll
Source: C:\Users\user\AppData\Local\Temp\is-9A6TD.tmp\setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_2.exe
Source: C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Opera GX\106.0.4998.74\opera_autoupdate.exe
Source: C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Opera GX\106.0.4998.74\opera_gx_splash.exe
Source: C:\Users\user\AppData\Local\Temp\is-9A6TD.tmp\setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_1.exe
Source: C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Opera GX\106.0.4998.74\d3dcompiler_47.dll
Source: C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\Opera_GX_106.0.4998.74_Autoupdate_x64[1].exe
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202402061535141\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202402061535141\assistant\browser_assistant.exe
Source: C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Opera GX\106.0.4998.74\opera.exe
Source: C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Opera GX\106.0.4998.74\libGLESv2.dll
Source: C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Opera GX\106.0.4998.74\opera_elf.dll
Source: C:\Users\user\AppData\Local\Temp\is-G41TD.tmp\quTbWcnSay.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-9A6TD.tmp\_isetup\_setup64.tmp
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\set_0.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\Opera_installer_2402061435138567768.dll
Source: C:\Users\user\AppData\Local\Temp\is-9A6TD.tmp\setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\installer[1].exe
Source: C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Opera GX\106.0.4998.74\dxcompiler.dll
Source: C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Opera GX\106.0.4998.74\mojo_core.dll
Source: C:\Users\user\AppData\Local\Temp\is-9A6TD.tmp\setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\Icreplo_98220[1].exe
Source: C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Opera GX\106.0.4998.74\notification_helper.exe
Source: C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Opera GX\106.0.4998.74\opera_crashreporter.exe
Source: C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Opera GX\106.0.4998.74\win8_importing.dll
Source: C:\Users\user\AppData\Local\Temp\is-9A6TD.tmp\setup.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsnE22.tmp\inetc.dll
Source: C:\Users\user\AppData\Local\Temp\is-G41TD.tmp\quTbWcnSay.tmpDropped PE file which has not been started: C:\Windows\unins000.exe (copy)
Source: C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\Opera_installer_2402061435131327664.dll
Source: C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Opera GX\106.0.4998.74\vulkan-1.dll
Source: C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Opera GX\106.0.4998.74\vk_swiftshader.dll
Source: C:\Users\user\AppData\Local\Programs\Opera GX\106.0.4998.74\installer.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\Opera_installer_2402061436131277280.dll
Source: C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Opera GX\106.0.4998.74\opera_browser.dll
Source: C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Opera GX\106.0.4998.74\installer_helper_64.exe
Source: C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Programs\Opera GX\106.0.4998.74\CUESDK.x64_2017.dll
Source: C:\Users\user\AppData\Local\Temp\.opera\BDDCE5348F09\installer.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\Opera_installer_2402061436242703168.dll
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202402061535141\assistant\assistant_installer.exeEvasive API call chain: GetSystemTimeAsFileTime,DecisionNodesgraph_12-71552
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202402061535141\assistant\assistant_installer.exeAPI coverage: 6.5 %
Source: C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exeFile Volume queried: C:\Users\user\AppData\Local\Temp\is-9A6TD.tmp FullSizeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\106.0.4998.74\installer.exeFile Volume queried: C:\Users\user\AppData\Local\Temp\is-9A6TD.tmp FullSizeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\106.0.4998.74\installer.exeFile Volume queried: C:\ FullSizeInformation
Source: C:\Users\user\AppData\Local\Temp\is-9A6TD.tmp\setup.exeCode function: 2_2_00405D07 FindFirstFileA,FindClose,2_2_00405D07
Source: C:\Users\user\AppData\Local\Temp\is-9A6TD.tmp\setup.exeCode function: 2_2_00405331 DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA,2_2_00405331
Source: C:\Users\user\AppData\Local\Temp\is-9A6TD.tmp\setup.exeCode function: 2_2_0040263E FindFirstFileA,2_2_0040263E
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202402061535141\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exeCode function: 11_2_004033B3 GetFileAttributesW,SetLastError,FindFirstFileW,FindClose,CompareFileTime,11_2_004033B3
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202402061535141\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exeCode function: 11_2_00402F12 FindFirstFileW,SetFileAttributesW,lstrcmpW,lstrcmpW,SetFileAttributesW,DeleteFileW,FindNextFileW,FindClose,SetFileAttributesW,RemoveDirectoryW,??3@YAXPAX@Z,??3@YAXPAX@Z,11_2_00402F12
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202402061535141\assistant\assistant_installer.exeCode function: 12_2_00DC9120 PathMatchSpecW,FindNextFileW,FindClose,FindFirstFileExW,GetLastError,GetFileAttributesW,12_2_00DC9120
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202402061535141\assistant\assistant_installer.exeCode function: 12_2_00E59AE2 FindFirstFileExW,12_2_00E59AE2
Source: C:\Users\user\AppData\Local\Temp\is-9A6TD.tmp\setup.exeFile opened: C:\Users\user
Source: C:\Users\user\AppData\Local\Temp\is-9A6TD.tmp\setup.exeFile opened: C:\Users\user\Documents\desktop.ini
Source: C:\Users\user\AppData\Local\Temp\is-9A6TD.tmp\setup.exeFile opened: C:\Users\user\AppData
Source: C:\Users\user\AppData\Local\Temp\is-9A6TD.tmp\setup.exeFile opened: C:\Users\user\AppData\Local\Temp
Source: C:\Users\user\AppData\Local\Temp\is-9A6TD.tmp\setup.exeFile opened: C:\Users\user\Desktop\desktop.ini
Source: C:\Users\user\AppData\Local\Temp\is-9A6TD.tmp\setup.exeFile opened: C:\Users\user\AppData\Local
Source: explorer.exe, 00000012.00000002.2923858273.00000000098A8000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: k&Ven_VMware&Prod_Virtual_disk\4&1656f219&0&000000
Source: explorer.exe, 00000012.00000000.2467564612.0000000009815000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#4&224f42ef&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}$
Source: explorer.exe, 00000012.00000000.2467564612.0000000009815000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: NECVMWar VMware SATA CD00\w
Source: explorer.exe, 00000012.00000002.2923858273.00000000098A8000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: SCSI\Disk&Ven_VMware&Prod_Virtual_disk\4&1656f219&0&000000
Source: explorer.exe, 00000012.00000002.2891409803.0000000001240000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: SCSI\DISK&VEN_VMWARE&PROD_VIRTUAL_DISK\4&1656F219&0&0000000}
Source: setup.exe, 00000002.00000002.2895127853.00000000005DC000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW hb%SystemRoot%\system32\mswsock.dll(
Source: explorer.exe, 00000012.00000002.2914007528.00000000079FB000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: \\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000006500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000C5E500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: explorer.exe, 00000012.00000002.2923858273.0000000009977000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: VMware SATA CD00
Source: explorer.exe, 00000012.00000002.2914007528.00000000078AD000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: NXTTAVMWare
Source: explorer.exe, 00000012.00000000.2467564612.0000000009815000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: SCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\4&224f&0&000000
Source: quTbWcnSay.tmp, 00000001.00000002.2893887149.00000000007F8000.00000004.00000020.00020000.00000000.sdmp, quTbWcnSay.tmp, 00000001.00000003.1709163527.00000000007F6000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000002.00000002.2895127853.0000000000632000.00000004.00000020.00020000.00000000.sdmp, set_0.exe, 00000004.00000003.1890721663.00000000014BB000.00000004.00000020.00020000.00000000.sdmp, set_0.exe, 00000004.00000002.2704598316.0000000001420000.00000004.00000020.00020000.00000000.sdmp, set_0.exe, 00000004.00000002.2704598316.00000000014BA000.00000004.00000020.00020000.00000000.sdmp, set_0.exe, 00000004.00000003.1875444698.00000000014BB000.00000004.00000020.00020000.00000000.sdmp, set_0.exe, 00000004.00000003.1880671252.00000000014BB000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000012.00000002.2920248221.000000000982D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000012.00000000.2467564612.00000000097D4000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000012.00000000.2467564612.000000000982D000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
Source: quTbWcnSay.tmp, 00000001.00000002.2893887149.0000000000797000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWh
Source: setup.exe, 00000002.00000002.2895127853.0000000000617000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWen-GBn
Source: explorer.exe, 00000012.00000002.2923858273.0000000009977000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: SCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\4&224f42ef&0&000000
Source: explorer.exe, 00000012.00000000.2465864091.0000000007A34000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000012.00000002.2914007528.0000000007A34000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWen-GBnx
Source: explorer.exe, 00000012.00000000.2467564612.0000000009660000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: SCSI\CDROM&VEN_NECVMWAR&PROD_VMWARE_SATA_CD00\4&224F42EF&0&000000er
Source: explorer.exe, 00000012.00000002.2891409803.0000000001240000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: SCSI\DISK&VEN_VMWARE&PROD_VIRTUAL_DISK\4&1656F219&0&000000
Source: explorer.exe, 00000012.00000002.2891409803.0000000001240000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: C:\Users\user\AppData\Local\Temp\is-9A6TD.tmp\setup.exeAPI call chain: ExitProcess graph end nodegraph_2-3198
Source: C:\Users\user\AppData\Local\Temp\is-9A6TD.tmp\setup.exeAPI call chain: ExitProcess graph end nodegraph_2-3200
Source: C:\Users\user\AppData\Local\Temp\is-G41TD.tmp\quTbWcnSay.tmpProcess information queried: ProcessInformation
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202402061535141\assistant\assistant_installer.exeCode function: 12_2_00DCA6D0 rdtsc 12_2_00DCA6D0
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202402061535141\assistant\assistant_installer.exeCode function: 12_2_00DC6AE0 GetCurrentThread,IsDebuggerPresent,GetCurrentThreadId,__Init_thread_header,GetModuleHandleW,GetProcAddress,__Init_thread_footer,12_2_00DC6AE0
Source: C:\Users\user\AppData\Local\Temp\is-9A6TD.tmp\setup.exeCode function: 2_2_00405D2E GetModuleHandleA,LoadLibraryA,GetProcAddress,2_2_00405D2E
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202402061535141\assistant\assistant_installer.exeCode function: 12_2_00EB97FB mov eax, dword ptr fs:[00000030h]12_2_00EB97FB
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202402061535141\assistant\assistant_installer.exeCode function: 12_2_00EA7C65 mov eax, dword ptr fs:[00000030h]12_2_00EA7C65
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202402061535141\assistant\assistant_installer.exeCode function: 12_2_00DDAD1E GetCurrentProcessId,CreateEventW,CreateEventW,CreateEventW,CreateEventW,SetUnhandledExceptionFilter,CreateThread,12_2_00DDAD1E
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202402061535141\assistant\assistant_installer.exeCode function: 12_2_00E2206C SetUnhandledExceptionFilter,SetConsoleCtrlHandler,_strlen,_strlen,_strlen,_strlen,_strlen,SetUnhandledExceptionFilter,_strlen,_strlen,SetProcessShutdownParameters,__Init_thread_header,__Init_thread_footer,_strlen,12_2_00E2206C
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202402061535141\assistant\assistant_installer.exeCode function: 12_2_00DDC3B6 GetCurrentProcessId,SetUnhandledExceptionFilter,12_2_00DDC3B6
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202402061535141\assistant\assistant_installer.exeCode function: 12_2_00E9A428 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,12_2_00E9A428
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202402061535141\assistant\assistant_installer.exeCode function: 12_2_00DDACEE GetCurrentProcessId,CreateEventW,CreateEventW,CreateEventW,CreateEventW,SetUnhandledExceptionFilter,CreateThread,12_2_00DDACEE
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202402061535141\assistant\assistant_installer.exeCode function: 12_2_00D71C00 SetUnhandledExceptionFilter,12_2_00D71C00
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202402061535141\assistant\assistant_installer.exeCode function: 12_2_00EABE76 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,12_2_00EABE76
Source: C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exeProcess created: C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exe C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=106.0.4998.74 --initial-client-data=0x398,0x39c,0x3a0,0x374,0x3a4,0x6c5ae5e8,0x6c5ae5f4,0x6c5ae600
Source: C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exeProcess created: C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exe "C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exe" --backend --install --import-browser-data=0 --enable-stats=1 --enable-installer-stats=1 --consent-given=0 --general-interests=0 --general-location=0 --personalized-content=0 --personalized-ads=0 --launchopera=1 --installfolder="C:\Users\user\AppData\Local\Programs\Opera GX" --profile-folder --language=en-GB --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=1 --pintotaskbar=1 --pintostartmenu=1 --run-at-startup=1 --server-tracking-data=server_tracking_data --initial-pid=7664 --package-dir-prefix="C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_20240206153514" --session-guid=75a53667-4b95-44a9-92ea-4bfb86fd3244 --server-tracking-blob=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 --silent --desktopshortcut=1 --wait-for-package --initial-proc-handle=0806000000000000
Source: C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exeProcess created: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202402061535141\assistant\assistant_installer.exe "C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202402061535141\assistant\assistant_installer.exe" --version
Source: C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exeProcess created: C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exe C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=106.0.4998.74 --initial-client-data=0x388,0x38c,0x390,0x364,0x394,0x6ba1e5e8,0x6ba1e5f4,0x6ba1e600
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202402061535141\assistant\assistant_installer.exeProcess created: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202402061535141\assistant\assistant_installer.exe "C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202402061535141\assistant\assistant_installer.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=73.0.3856.382 --initial-client-data=0x334,0x338,0x33c,0x310,0x340,0xf14f48,0xf14f58,0xf14f64
Source: C:\Users\user\AppData\Local\Programs\Opera GX\106.0.4998.74\installer.exeProcess created: C:\Users\user\AppData\Local\Programs\Opera GX\106.0.4998.74\installer.exe "C:\Users\user\AppData\Local\Programs\Opera GX\106.0.4998.74\installer.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win64 --annotation=prod=OperaDesktopGX --annotation=ver=106.0.4998.74 --initial-client-data=0x2c8,0x2cc,0x2d0,0x2a4,0x2d4,0x7ffdfb94a5b0,0x7ffdfb94a5bc,0x7ffdfb94a5c8
Source: C:\Users\user\AppData\Local\Programs\Opera GX\launcher.exeProcess created: unknown unknown
Source: C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exeProcess created: C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exe c:\users\user\appdata\local\temp\nsne22.tmp\set_0.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=c:\users\user\appdata\roaming\opera software\opera gx stable\crash reports" "--crash-count-file=c:\users\user\appdata\roaming\opera software\opera gx stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=stable --annotation=plat=win32 --annotation=prod=operadesktopgx --annotation=ver=106.0.4998.74 --initial-client-data=0x398,0x39c,0x3a0,0x374,0x3a4,0x6c5ae5e8,0x6c5ae5f4,0x6c5ae600
Source: C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exeProcess created: C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exe "c:\users\user\appdata\local\temp\nsne22.tmp\set_0.exe" --backend --install --import-browser-data=0 --enable-stats=1 --enable-installer-stats=1 --consent-given=0 --general-interests=0 --general-location=0 --personalized-content=0 --personalized-ads=0 --launchopera=1 --installfolder="c:\users\user\appdata\local\programs\opera gx" --profile-folder --language=en-gb --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=1 --pintotaskbar=1 --pintostartmenu=1 --run-at-startup=1 --server-tracking-data=server_tracking_data --initial-pid=7664 --package-dir-prefix="c:\users\user\appdata\local\temp\.opera\opera gx installer temp\opera_package_20240206153514" --session-guid=75a53667-4b95-44a9-92ea-4bfb86fd3244 --server-tracking-blob=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 --silent --desktopshortcut=1 --wait-for-package --initial-proc-handle=0806000000000000
Source: C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exeProcess created: C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exe c:\users\user\appdata\local\temp\nsne22.tmp\set_0.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=c:\users\user\appdata\roaming\opera software\opera gx stable\crash reports" "--crash-count-file=c:\users\user\appdata\roaming\opera software\opera gx stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=stable --annotation=plat=win32 --annotation=prod=operadesktopgx --annotation=ver=106.0.4998.74 --initial-client-data=0x388,0x38c,0x390,0x364,0x394,0x6ba1e5e8,0x6ba1e5f4,0x6ba1e600
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202402061535141\assistant\assistant_installer.exeProcess created: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202402061535141\assistant\assistant_installer.exe "c:\users\user\appdata\local\temp\.opera\opera gx installer temp\opera_package_202402061535141\assistant\assistant_installer.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=c:\users\user\appdata\roaming\opera software\opera gx stable\crash reports" "--crash-count-file=c:\users\user\appdata\roaming\opera software\opera gx stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=stable --annotation=plat=win32 --annotation=prod=operadesktopgx --annotation=ver=73.0.3856.382 --initial-client-data=0x334,0x338,0x33c,0x310,0x340,0xf14f48,0xf14f58,0xf14f64
Source: C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exeProcess created: C:\Users\user\AppData\Local\Programs\Opera GX\106.0.4998.74\installer.exe "c:\users\user\appdata\local\programs\opera gx\106.0.4998.74\installer.exe" --backend --initial-pid=7664 --install --import-browser-data=0 --enable-stats=1 --enable-installer-stats=1 --consent-given=0 --general-interests=0 --general-location=0 --personalized-content=0 --personalized-ads=0 --launchopera=1 --installfolder="c:\users\user\appdata\local\programs\opera gx" --profile-folder --language=en-gb --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=1 --pintotaskbar=1 --pintostartmenu=1 --run-at-startup=1 --server-tracking-data=server_tracking_data --package-dir="c:\users\user\appdata\local\temp\.opera\opera gx installer temp\opera_package_202402061535141" --session-guid=75a53667-4b95-44a9-92ea-4bfb86fd3244 --server-tracking-blob=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 --silent --desktopshortcut=1 --install-subfolder=106.0.4998.74
Source: C:\Users\user\AppData\Local\Programs\Opera GX\106.0.4998.74\installer.exeProcess created: C:\Users\user\AppData\Local\Programs\Opera GX\106.0.4998.74\installer.exe "c:\users\user\appdata\local\programs\opera gx\106.0.4998.74\installer.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=c:\users\user\appdata\roaming\opera software\opera gx stable\crash reports" "--crash-count-file=c:\users\user\appdata\roaming\opera software\opera gx stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=stable --annotation=plat=win64 --annotation=prod=operadesktopgx --annotation=ver=106.0.4998.74 --initial-client-data=0x2c8,0x2cc,0x2d0,0x2a4,0x2d4,0x7ffdfb94a5b0,0x7ffdfb94a5bc,0x7ffdfb94a5c8
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202402061535141\assistant\assistant_installer.exeProcess created: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202402061535141\assistant\assistant_installer.exe "c:\users\user\appdata\local\temp\.opera\opera gx installer temp\opera_package_202402061535141\assistant\assistant_installer.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=c:\users\user\appdata\roaming\opera software\opera gx stable\crash reports" "--crash-count-file=c:\users\user\appdata\roaming\opera software\opera gx stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=stable --annotation=plat=win32 --annotation=prod=operadesktopgx --annotation=ver=73.0.3856.382 --initial-client-data=0x334,0x338,0x33c,0x310,0x340,0xf14f48,0xf14f58,0xf14f64
Source: C:\Users\user\AppData\Local\Programs\Opera GX\106.0.4998.74\installer.exeProcess created: C:\Users\user\AppData\Local\Programs\Opera GX\106.0.4998.74\installer.exe "c:\users\user\appdata\local\programs\opera gx\106.0.4998.74\installer.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=c:\users\user\appdata\roaming\opera software\opera gx stable\crash reports" "--crash-count-file=c:\users\user\appdata\roaming\opera software\opera gx stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=stable --annotation=plat=win64 --annotation=prod=operadesktopgx --annotation=ver=106.0.4998.74 --initial-client-data=0x2c8,0x2cc,0x2d0,0x2a4,0x2d4,0x7ffdfb94a5b0,0x7ffdfb94a5bc,0x7ffdfb94a5c8
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202402061535141\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe
Code function: 11_2_0040247A AllocateAndInitializeSid,CheckTokenMembership,FreeSid,11_2_0040247A
Source: installer.exe, 0000000E.00000002.2669941845.000002C9731D1000.00000004.00000020.00020000.00000000.sdmp
Binary or memory string: Program Manager_12
Source: installer.exe, 0000000E.00000003.2446149285.000002C973191000.00000004.00000020.00020000.00000000.sdmp, launcher.exe, 00000023.00000002.2850858789.00007FF64AD33000.00000002.00000001.01000000.0000001A.sdmp, launcher.exe, 00000023.00000000.2537172061.00007FF64AD33000.00000002.00000001.01000000.0000001A.sdmp
Binary or memory string: ..\..\opera\desktop\chrome_imports\chrome\browser\win\ui_automation_util.ccGetCachedBstrValue property is not a BSTR: GetCachedInt32Value property is not an I4: Cannot get app output Failed to run the elevated process: Failed wait for the elevated process: Unexpected result when waiting for elevated process: Shortcut element - no correct interface...\..\opera\desktop\windows\installer\common\pin_automator.ccDoneCannot get native menu handle.Cannot get desktop rect.Cannot find pin menu element.Could not activate the menu item.ProgmanSysListView324
Source: installer.exe, 0000000E.00000002.2671425164.00007FF6FAFA7000.00000002.00000001.01000000.00000015.sdmp, installer.exe, 0000000F.00000002.2704055669.00007FF6FAFA7000.00000002.00000001.01000000.00000015.sdmp, installer.exe, 00000028.00000000.2549062400.00007FF7F24D7000.00000002.00000001.01000000.0000001B.sdmp
Binary or memory string: ..\..\opera\desktop\chrome_imports\chrome\browser\win\ui_automation_util.ccGetCachedBstrValue property is not a BSTR: GetCachedInt32Value property is not an I4: X64Cannot get the size of file version infoNo file version in the package\StringFileInfo\000004B0\ProductVersionNo product version value in the packageReceived an invalid version: \StringFileInfo\000004B0\ContinuousVersionReceived an invalid continuous build number: Cannot acquire internal version from the full version: \StringFileInfo\000004B0\StreamNo stream value in the packageCannot get exe output: version..\..\opera\desktop\windows\installer\common\file_version_utils_impl.ccInvalid version from exe: Cannot get exe output: streamCannot get app output Failed to run the elevated process: Failed wait for the elevated process: Unexpected result when waiting for elevated process: Shortcut element - no correct interface...\..\opera\desktop\windows\installer\common\pin_automator.ccDoneCannot get native menu handle.Cannot get desktop rect.Cannot find pin menu element.Could not activate the menu item.ProgmanSysListView324
Source: installer.exe, 0000000E.00000002.2669602457.000002C971732000.00000004.00000020.00020000.00000000.sdmp
Binary or memory string: Shell_TrayWnder
Source: explorer.exe, 00000012.00000003.2724122497.000000000CBC1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000012.00000003.2716903611.000000000CBA8000.00000004.00000001.00020000.00000000.sdmp
Binary or memory string: Program Manager
Source: set_0.exe, 00000004.00000002.2702734129.00000000006CB000.00000040.00000001.01000000.0000000C.sdmp, set_0.exe, 00000005.00000002.2711059391.00000000006CB000.00000040.00000001.01000000.0000000C.sdmp, set_0.exe, 00000006.00000002.1849878966.00000000005CB000.00000040.00000001.01000000.0000000F.sdmp
Binary or memory string: ..\..\opera\desktop\chrome_imports\chrome\browser\win\ui_automation_util.ccGetCachedBstrValue property is not a BSTR: GetCachedInt32Value property is not an I4: X64Cannot get the size of file version infoNo file version in the package\StringFileInfo\000004B0\ProductVersionNo product version value in the packageReceived an invalid version: \StringFileInfo\000004B0\ContinuousVersionReceived an invalid continuous build number: Cannot acquire internal version from the full version: \StringFileInfo\000004B0\StreamNo stream value in the packageCannot get exe output: version..\..\opera\desktop\windows\installer\common\file_version_utils_impl.ccInvalid version from exe: Cannot get exe output: streamCannot get app output Failed to run the elevated process: Failed wait for the elevated process: Unexpected result when waiting for elevated process: Shortcut element - no correct interface...\..\opera\desktop\windows\installer\common\pin_automator.ccDoneCannot get native menu handle.Cannot get desktop rect.Cannot find pin menu element.No rectangleCould not activate the menu item.ProgmanSysListView324
Source: installer.exe, 0000000E.00000002.2669602457.000002C971732000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000012.00000002.2920248221.0000000009815000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000012.00000000.2464186318.00000000018A0000.00000002.00000001.00040000.00000000.sdmp
Binary or memory string: Shell_TrayWnd
Source: set_0.exe, installer.exe, 0000000E.00000002.2669602457.000002C971732000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 0000000F.00000002.2702791372.000001C843E51000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000012.00000000.2464186318.00000000018A0000.00000002.00000001.00040000.00000000.sdmp
Binary or memory string: Progman
Source: installer.exe, 0000000E.00000002.2669602457.000002C971732000.00000004.00000020.00020000.00000000.sdmp
Binary or memory string: Progmanfer
Source: explorer.exe, 00000012.00000000.2469307862.000000000B2AC000.00000004.00000010.00020000.00000000.sdmp
Binary or memory string: Shell_TrayWnde
Source: explorer.exe, 00000012.00000000.2463791892.0000000001240000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000012.00000002.2891409803.0000000001240000.00000004.00000020.00020000.00000000.sdmp
Binary or memory string: 1Progman$
Source: explorer.exe, 00000012.00000000.2464186318.00000000018A0000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000012.00000002.2900589445.00000000018A0000.00000002.00000001.00040000.00000000.sdmp, jyKJvjQuuEeSXFxWJ.exe, 00000013.00000002.2902705643.0000000001950000.00000002.00000001.00040000.00000000.sdmp
Binary or memory string: Progmanlock
Source: explorer.exe, 00000012.00000000.2464186318.00000000018A0000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000012.00000002.2900589445.00000000018A0000.00000002.00000001.00040000.00000000.sdmp, jyKJvjQuuEeSXFxWJ.exe, 00000013.00000002.2902705643.0000000001950000.00000002.00000001.00040000.00000000.sdmp
Binary or memory string: }Program Manager
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202402061535141\assistant\assistant_installer.exe
Code function: 12_2_00E99EB0 cpuid 12_2_00E99EB0
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202402061535141\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe
Code function: GetLastError,GetLastError,wsprintfW,GetEnvironmentVariableW,GetEnvironmentVariableW,GetLastError,??2@YAPAXI@Z,GetEnvironmentVariableW,GetLastError,lstrcmpiW,??3@YAXPAX@Z,??3@YAXPAX@Z,SetLastError,lstrlenA,??2@YAPAXI@Z,GetLocaleInfoW,_wtol,MultiByteToWideChar,11_2_004021B3
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202402061535141\assistant\assistant_installer.exe
Code function: GetLocaleInfoW,12_2_00EB769C
Source: C:\Users\user\AppData\Local\Temp\is-G41TD.tmp\quTbWcnSay.tmp
Queries volume information: C:\Users\user\AppData\Local\Temp\is-9A6TD.tmp\setup.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exe
Queries volume information: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202402061535141\installer_prefs_include.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\106.0.4998.74\installer.exe
Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\106.0.4998.74\files_list VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\106.0.4998.74\installer.exe
Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\106.0.4998.74\root_files_list VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\106.0.4998.74\installer.exe
Queries volume information: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202402061535141\files_list VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\106.0.4998.74\installer.exe
Queries volume information: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202402061535141\pref_default_overrides VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\106.0.4998.74\installer.exe
Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\106.0.4998.74\installer.exe
Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\106.0.4998.74\installer.exe
Queries volume information: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202402061535141\installer_prefs_include.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\106.0.4998.74\installer.exe
Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\106.0.4998.74\resources\custom_partner_content.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\launcher.exe
Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\installation_status.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\launcher.exe
Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\installer_prefs.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\launcher.exe
Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\installer_prefs.json VolumeInformation
Source: C:\Users\user\AppData\Local\Programs\Opera GX\launcher.exe
Queries volume information: C:\Users\user\AppData\Local\Programs\Opera GX\installation_status.json VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202402061535141\assistant\assistant_installer.exe
Code function: 12_2_00E1CB18 GetVersion,CreateNamedPipeW,12_2_00E1CB18
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202402061535141\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe
Code function: 11_2_00401841 ??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,GetLocalTime,SystemTimeToFileTime,??2@YAPAXI@Z,GetLastError,??3@YAXPAX@Z,??3@YAXPAX@Z,GetLastError,??3@YAXPAX@Z,GetLastError,??3@YAXPAX@Z,??3@YAXPAX@Z,11_2_00401841
Source: C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202402061535141\assistant\assistant_installer.exe
Code function: 12_2_00D80746 GetUserNameW,GetNamedSecurityInfoW,GetNamedSecurityInfoW,GetExplicitEntriesFromAclW,CheckTokenMembership,BuildExplicitAccessWithNameW,SetEntriesInAclW,SetEntriesInAclW,LocalFree,LocalFree,LocalFree,LocalFree,SetNamedSecurityInfoW,SetNamedSecurityInfoW,LocalFree,LocalFree,12_2_00D80746
Source: C:\Users\user\AppData\Local\Temp\is-9A6TD.tmp\setup.exe
Code function: 2_2_00405A2E GetVersion,GetSystemDirectoryA,GetWindowsDirectoryA,SHGetSpecialFolderLocation,SHGetPathFromIDListA,CoTaskMemFree,lstrcatA,lstrlenA,2_2_00405A2E
Source: C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exe
Registry key created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4 Blob
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | Acquire Infrastructure | 1 Valid Accounts | 2 Native API | 1 DLL Side-Loading | 1 DLL Side-Loading | 1 Disable or Modify Tools | 1 Credential API Hooking | 1 System Time Discovery | Remote Services | 11 Archive Collected Data | 1 Encrypted Channel | Exfiltration Over Other Network Medium | 1 System Shutdown/Reboot
Credentials | Domains | Default Accounts | 12 Command and Scripting Interpreter | 1 Valid Accounts | 1 Valid Accounts | 1 Deobfuscate/Decode Files or Information | 11 Input Capture | 1 Account Discovery | Remote Desktop Protocol | 1 Credential API Hooking | Junk Data | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | At | 1 Windows Service | 11 Access Token Manipulation | 21 Obfuscated Files or Information | Security Account Manager | 3 File and Directory Discovery | SMB/Windows Admin Shares | 11 Input Capture | Steganography | Automated Exfiltration | Data Encrypted for Impact
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | 1 Windows Service | 1 Software Packing | NTDS | 35 System Information Discovery | Distributed Component Object Model | 1 Clipboard Data | Protocol Impersonation | Traffic Duplication | Data Destruction
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | 13 Process Injection | 1 Timestomp | LSA Secrets | 1 Query Registry | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 DLL Side-Loading | Cached Domain Credentials | 121 Security Software Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 31 Masquerading | DCSync | 2 Process Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 Valid Accounts | Proc Filesystem | 3 System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 1 Modify Registry | /etc/passwd and /etc/shadow | Network Sniffing | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement
IP Addresses | Compromise Infrastructure | Supply Chain Compromise | PowerShell | Cron | Cron | 11 Access Token Manipulation | Network Sniffing | Network Service Discovery | Shared Webroot | Local Data Staging | File Transfer Protocols | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | External Defacement
Network Security Appliances | Domains | Compromise Software Dependencies and Development Tools | AppleScript | Launchd | Launchd | 13 Process Injection | Input Capture | System Network Connections Discovery | Software Deployment Tools | Remote Data Staging | Mail Protocols | Exfiltration Over Unencrypted Non-C2 Protocol | Firmware Corruption
[Figure: Behavior Graph. ID: 1387592; Sample: quTbWcnSay.exe; Start date: 06/02/2024; Architecture: WINDOWS; Score: 42]

Source | Detection | Scanner | Label | Link
quTbWcnSay.exe | 26% | ReversingLabs | Win32.Trojan.Offloader |
quTbWcnSay.exe | 24% | Virustotal | | Browse
quTbWcnSay.exe | 100% | Joe Sandbox ML | |
Source | Detection | Scanner | Label | Link
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\installer[1].exe | 100% | Avira | TR/Redcap.eotnr |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\Opera_GX_assistant_73.0.3856.382_Setup[1].exe | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\Opera_GX_assistant_73.0.3856.382_Setup[1].exe | 1% | Virustotal | | Browse
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\installer[1].exe | 79% | ReversingLabs | Win32.Trojan.Mamson |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\installer[1].exe | 68% | Virustotal | | Browse
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\Icreplo_98220[1].exe | 3% | ReversingLabs | |
C:\Users\user\AppData\Local\Programs\Opera GX\106.0.4998.74\launcher.exe | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Programs\Opera GX\106.0.4998.74\launcher.exe.1707230173.old (copy) | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Programs\Opera GX\106.0.4998.74\opera_gx_splash.exe | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Programs\Opera GX\launcher.exe | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202402061535141\additional_file0.tmp | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202402061535141\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe (copy) | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202402061535141\assistant\assistant_installer.exe | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202402061535141\assistant\browser_assistant.exe | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202402061535141\assistant\mojo_core.dll | 0% | ReversingLabs | |
C:\Users\user\AppData\Local\Temp\is-9A6TD.tmp\_isetup\_setup64.tmp | 0% | ReversingLabs | |
No Antivirus matches
No Antivirus matches
Source | Detection | Scanner | Label | Link
https://simpleflying.com/how-do-you-become-an-air-traffic-controller/ | 0% | URL Reputation | safe |
https://www.remobjects.com/ps | 0% | URL Reputation | safe |
http://autoupdate-staging.services.ams.osa/v4/v5/netinstaller///windows/x64v2/Fetching | 0% | URL Reputation | safe |
http://sto.farmscene.website/track_polos.php?tim=1707230103&rcc=US&c=2577&p=0.95 | 100% | Avira URL Cloud | malware |
http://eventquill.online/das.php?fz=&d=nsis&msg=&r=offer_execution&rk=no&o=1627&a=2577&dn=286&spot=2 | 0% | Avira URL Cloud | safe |
http://sto.farmscene.website/track_inl2.php?tim=1707230103&poid=2577&p=1.25Inno | 100% | Avira URL Cloud | malware |
http://eventquill.online/daf.php?spot=6&a=2577&on=434&o=1670 | 0% | Avira URL Cloud | safe |
https://desktop-netinstaller-sub.osp.opera.software/v | 0% | Avira URL Cloud | safe |
https://desktop-netinstaller-sub.osp.opera.software/siSIPVerifyIndirectDataDllFuncName | 0% | Avira URL Cloud | safe |
https://www.leestcruv.cloud/ | 0% | Avira URL Cloud | safe |
https://desktop-netinstaller-sub.osp.opera.software/v | 0% | Virustotal | | Browse
https://desktop-netinstaller-sub.osp.opera.software/o | 0% | Avira URL Cloud | safe |
https://desktop-netinstaller-sub.osp.opera.software/r-sub.osp.opera.software/= | 0% | Avira URL Cloud | safe |
https://www.leestcruv.cloud/ | 0% | Virustotal | | Browse
https://desktop-netinstaller-sub.osp.opera.software/siSIPVerifyIndirectDataDllFuncName | 0% | Virustotal | | Browse
https://doc-hosting.flycricket.io/health-tracker-privacy-policy/e1662a21-b082-4dae-bcb0-3abd33859f1c | 0% | Avira URL Cloud | safe |
https://sync.opera.com$1 | 0% | Avira URL Cloud | safe |
http://autoupdate-staging.services.ams.osa/ | 0% | Avira URL Cloud | safe |
http://localhost:3001api/prefs/?product=$1&version=$2.. | 0% | Avira URL Cloud | safe |
https://desktop-netinstaller-sub.osp.opera.software/SysWOW64 | 0% | Avira URL Cloud | safe |
https://desktop-netinstaller-sub.osp.opera.software/r-sub.osp.opera.software/= | 0% | Virustotal | | Browse
https://desktop-netinstaller-sub.osp.opera.software/o | 0% | Virustotal | | Browse
http://guideveil.xyz/ | 0% | Avira URL Cloud | safe |
https://doc-hosting.flycricket.io/health-tracker-privacy-policy/e1662a21-b082-4dae-bcb0-3abd33859f1c | 0% | Virustotal | | Browse
https://desktop-netinstaller-sub.osp.opera.software/LocalLow | 0% | Avira URL Cloud | safe |
https://desktop-netinstaller-sub.osp.opera.software/SysWOW64 | 0% | Virustotal | | Browse
https://desktop-netinstaller-sub.osp.opera.software/Y | 0% | Avira URL Cloud | safe |
http://sto.farmscene.website/track_polos.php?tim=1707230103&rcc=US&c=2577&p=0.95http://eventquill.on | 100% | Avira URL Cloud | malware |
https://desktop-netinstaller-sub.osp.opera.software/W | 0% | Avira URL Cloud | safe |
http://eventquill.online/das.php?fz=&d=nsis&msg=&r=offer_execution&rk=yes&o=1627&a=2577&dn=286&spot= | 0% | Avira URL Cloud | safe |
http://guideveil.xyz/ | 0% | Virustotal | | Browse
https://desktop-netinstaller-sub.osp.opera.software/v1/binaryera.software | 0% | Avira URL Cloud | safe |
http://eventquill.online/das.php?fz=&d=nsis&msg=&r=offer_execution_fail&rk=no&o=331&a=2577&dn=244&sp | 0% | Avira URL Cloud | safe |
https://www.innosetup.com/ | 0% | Avira URL Cloud | safe |
https://desktop-netinstaller-sub.osp.opera.software/Y | 0% | Virustotal | | Browse
https://desktop-netinstaller-sub.osp.opera.software/J | 0% | Avira URL Cloud | safe |
https://eventquill.online/da.php?a=3876&cc=US&t=1707230103InnoDownloadPlugin/1.5/USERAGENT/silentget | 0% | Avira URL Cloud | safe |
https://desktop-netinstaller-sub.osp.opera.software/F | 0% | Avira URL Cloud | safe |
https://desktop-netinstaller-sub.osp.opera.software/v1/binaryera.software | 0% | Virustotal | | Browse
http://sto.farmscene.website/track_inl2.php?tim=1707230103&poid=2577&p=1.25 | 100% | Avira URL Cloud | malware |
https://desktop-netinstaller-sub.osp.opera.software/W | 0% | Virustotal | | Browse
https://advancedmanager.io/eula | 0% | Avira URL Cloud | safe |
https://eventquill.online/ | 0% | Avira URL Cloud | safe |
https://desktop-netinstaller-sub.osp.opera.software/F | 0% | Virustotal | | Browse
https://yandex.com.tr/search/?clid=1669559&text= | 0% | Avira URL Cloud | safe |
http://eventquill.online/das.php?fz=&d=nsis&msg=&r=offer_exists&rk=no&o=1627&a=2577&dn=286&spot=2&t= | 0% | Avira URL Cloud | safe |
https://desktop-netinstaller-sub.osp.opera.software/J | 0% | Virustotal | | Browse
https://advancedmanager.io/eula | 0% | Virustotal | | Browse
http://eventquill.online/daf.php?spot=2&a=2577&on=286&o=16272 | 0% | Avira URL Cloud | safe |
https://yandex.com.tr/search/?clid=1669559&text= | 0% | Virustotal | | Browse
https://eventquill.online/ | 0% | Virustotal | | Browse
http://eventquill.online/das.php?fz=&d=nsis&msg=&r=offer_execution&rk=yes&o=1675&a=2577&dn=441&spot= | 0% | Avira URL Cloud | safe |
https://desktop-netinstaller-sub.osp.opera.software/r-sub.osp.opera.software/J | 0% | Avira URL Cloud | safe |
http://eventquill.online/daf.php?spot=3&a=2577&on=244&o=331D | 0% | Avira URL Cloud | safe |
https://www.innosetup.com/ | 2% | Virustotal | | Browse
https://www.inlogbrowser.com/pp.txt | 0% | Avira URL Cloud | safe |
http://eventquill.online/daf.php?spot=3&a=2577&on=244&o=331H | 0% | Avira URL Cloud | safe |
https://desktop-netinstaller-sub.osp.opera.software/r-sub.osp.opera.software/J | 0% | Virustotal | | Browse
http://eventquill.online/das.php?fz=&d=nsis&msg=&r=offer_exists&rk=no&o=1675&a=2577&dn=441&spot=5&t= | 0% | Avira URL Cloud | safe |
https://www.inlogbrowser.com/pp.txt | 0% | Virustotal | | Browse
No contacted domains info
Name | Source | Malicious | Antivirus Detection | Reputation
http://eventquill.online/daf.php?spot=6&a=2577&on=434&o=1670 | setup.exe, 00000002.00000002.2889230780.0000000000409000.00000004.00000001.01000000.00000007.sdmp | false | Avira URL Cloud: safe | unknown
https://aka.ms/odirmr | explorer.exe, 00000012.00000002.2914007528.00000000079FB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000012.00000000.2465864091.00000000079FB000.00000004.00000001.00020000.00000000.sdmp | false | | high
https://yandex.ua/search/?clid=2358536&text= | installer.exe, 0000000E.00000003.2507259487.000073F800804000.00000004.00001000.00020000.00000000.sdmp | false | | high
http://sto.farmscene.website/track_polos.php?tim=1707230103&rcc=US&c=2577&p=0.95 | setup.exe, 00000002.00000002.2895127853.000000000057E000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000002.00000002.2889230780.0000000000409000.00000004.00000001.01000000.00000007.sdmp | false | Avira URL Cloud: malware | unknown
https://download3.operacdn.com/ftp/pub/opera_gx/106.0.4998.74/win/Opera_GX_106.0.4998.74_Autoupdate_ | set_0.exe, 00000004.00000003.1890721663.00000000014C4000.00000004.00000020.00020000.00000000.sdmp | false | | high
http://eventquill.online/das.php?fz=&d=nsis&msg=&r=offer_execution&rk=no&o=1627&a=2577&dn=286&spot=2 | setup.exe, 00000002.00000002.2895127853.000000000057E000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000002.00000002.2889230780.0000000000409000.00000004.00000001.01000000.00000007.sdmp | false | Avira URL Cloud: safe | unknown
https://desktop-netinstaller-sub.osp.opera.software/v | set_0.exe, 00000004.00000003.2701526132.00000000014D7000.00000004.00000020.00020000.00000000.sdmp, set_0.exe, 00000004.00000003.2701396477.00000000014D2000.00000004.00000020.00020000.00000000.sdmp, set_0.exe, 00000004.00000002.2705176382.00000000014D8000.00000004.00000020.00020000.00000000.sdmp | false | 0%, Virustotal, Browse; Avira URL Cloud: safe | unknown
https://legal.opera.com/terms | set_0.exe, 00000004.00000002.2702734129.00000000006A9000.00000040.00000001.01000000.0000000C.sdmp, set_0.exe, 00000005.00000002.2711059391.00000000006A9000.00000040.00000001.01000000.0000000C.sdmp, set_0.exe, 00000006.00000002.1849878966.00000000005A9000.00000040.00000001.01000000.0000000F.sdmp, set_0.exe, 00000007.00000002.2677961973.00000000006A9000.00000040.00000001.01000000.0000000C.sdmp, set_0.exe, 00000008.00000002.2707253029.00000000006A9000.00000040.00000001.01000000.0000000C.sdmp, installer.exe, 0000000E.00000002.2671425164.00007FF6FAFA7000.00000002.00000001.01000000.00000015.sdmp, installer.exe, 0000000F.00000002.2704055669.00007FF6FAFA7000.00000002.00000001.01000000.00000015.sdmp, installer.exe, 00000028.00000000.2549062400.00007FF7F24D7000.00000002.00000001.01000000.0000001B.sdmp | false | | high
https://www.deezer.com/sr/login | installer.exe, 0000000E.00000003.2507259487.000073F800804000.00000004.00001000.00020000.00000000.sdmp | false | | high
http://sto.farmscene.website/track_inl2.php?tim=1707230103&poid=2577&p=1.25Inno | setup.exe, 00000002.00000002.2895127853.000000000057E000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000002.00000002.2889230780.0000000000409000.00000004.00000001.01000000.00000007.sdmp | false | Avira URL Cloud: malware | unknown
https://api.browser.yandex.ua/suggest/get?part= | installer.exe, 0000000E.00000003.2507259487.000073F800804000.00000004.00001000.00020000.00000000.sdmp | false
              high
              https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13f2DVexplorer.exe, 00000012.00000000.2465864091.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000012.00000002.2914007528.0000000007900000.00000004.00000001.00020000.00000000.sdmpfalse
                high
                https://desktop-netinstaller-sub.osp.opera.software/siSIPVerifyIndirectDataDllFuncNameset_0.exe, 00000004.00000003.2452032863.00000000014D2000.00000004.00000020.00020000.00000000.sdmp, set_0.exe, 00000004.00000003.2701526132.00000000014D7000.00000004.00000020.00020000.00000000.sdmp, set_0.exe, 00000004.00000003.2052264887.00000000014DA000.00000004.00000020.00020000.00000000.sdmp, set_0.exe, 00000004.00000003.2701396477.00000000014D2000.00000004.00000020.00020000.00000000.sdmp, set_0.exe, 00000004.00000003.2452224294.00000000014D7000.00000004.00000020.00020000.00000000.sdmp, set_0.exe, 00000004.00000002.2705176382.00000000014D8000.00000004.00000020.00020000.00000000.sdmpfalse
                • 0%, Virustotal, Browse
                • Avira URL Cloud: safe
                unknown
                https://www.leestcruv.cloud/setup.exe, 00000002.00000002.2895127853.00000000005DC000.00000004.00000020.00020000.00000000.sdmpfalse
                • 0%, Virustotal, Browse
                • Avira URL Cloud: safe
                unknown
                https://desktop-netinstaller-sub.osp.opera.software/oset_0.exe, 00000004.00000002.2704598316.0000000001486000.00000004.00000020.00020000.00000000.sdmp, set_0.exe, 00000004.00000003.1875444698.00000000014A2000.00000004.00000020.00020000.00000000.sdmp, set_0.exe, 00000004.00000003.1890721663.00000000014A3000.00000004.00000020.00020000.00000000.sdmp, set_0.exe, 00000004.00000003.1880671252.00000000014A4000.00000004.00000020.00020000.00000000.sdmp, set_0.exe, 00000004.00000003.1961786659.00000000014A2000.00000004.00000020.00020000.00000000.sdmpfalse
                • 0%, Virustotal, Browse
                • Avira URL Cloud: safe
                unknown
                https://help.opera.com/latest/launcher.exe, 00000026.00000002.2609155254.0000033800284000.00000004.00001000.00020000.00000000.sdmp, installer.exe, 00000028.00000000.2549062400.00007FF7F24D7000.00000002.00000001.01000000.0000001B.sdmpfalse
                  high
                  https://api.msn.com:443/v1/news/Feed/Windows?explorer.exe, 00000012.00000000.2467564612.00000000097D4000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000012.00000000.2465864091.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000012.00000002.2914007528.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000012.00000002.2920248221.00000000097D4000.00000004.00000001.00020000.00000000.sdmpfalse
                    high
                    https://addons.opera.com/extensions/download/13655f413caacdcc677b24dc0c615d1f5328d6a3/installer.exe, 0000000E.00000003.2507259487.000073F800804000.00000004.00001000.00020000.00000000.sdmpfalse
                      high
                      https://download.opera.com/lset_0.exe, 00000004.00000003.1875320127.00000000014D2000.00000004.00000020.00020000.00000000.sdmpfalse
                        high
                        https://policies.google.com/terms;set_0.exe, 00000004.00000002.2702734129.00000000006A9000.00000040.00000001.01000000.0000000C.sdmp, set_0.exe, 00000005.00000002.2711059391.00000000006A9000.00000040.00000001.01000000.0000000C.sdmp, set_0.exe, 00000006.00000002.1849878966.00000000005A9000.00000040.00000001.01000000.0000000F.sdmp, set_0.exe, 00000007.00000002.2677961973.00000000006A9000.00000040.00000001.01000000.0000000C.sdmp, set_0.exe, 00000008.00000002.2707253029.00000000006A9000.00000040.00000001.01000000.0000000C.sdmp, installer.exe, 0000000E.00000002.2671425164.00007FF6FAFA7000.00000002.00000001.01000000.00000015.sdmp, installer.exe, 0000000F.00000002.2704055669.00007FF6FAFA7000.00000002.00000001.01000000.00000015.sdmp, installer.exe, 00000028.00000000.2549062400.00007FF7F24D7000.00000002.00000001.01000000.0000001B.sdmpfalse
                          high
                          https://www.baidu.com/favicon.icoinstaller.exe, 0000000E.00000003.2507259487.000073F800804000.00000004.00001000.00020000.00000000.sdmpfalse
                            high
                            https://ff.search.yahoo.com/gossip?output=fxjson&command=installer.exe, 0000000E.00000003.2507259487.000073F800804000.00000004.00001000.00020000.00000000.sdmpfalse
                              high
                              https://desktop-netinstaller-sub.osp.opera.software/r-sub.osp.opera.software/=set_0.exe, 00000004.00000003.2701526132.00000000014D7000.00000004.00000020.00020000.00000000.sdmp, set_0.exe, 00000004.00000003.2701396477.00000000014D2000.00000004.00000020.00020000.00000000.sdmp, set_0.exe, 00000004.00000002.2705176382.00000000014D8000.00000004.00000020.00020000.00000000.sdmpfalse
                              • 0%, Virustotal, Browse
                              • Avira URL Cloud: safe
                              unknown
                              https://doc-hosting.flycricket.io/health-tracker-privacy-policy/e1662a21-b082-4dae-bcb0-3abd33859f1csetup.exe, 00000002.00000002.2895127853.000000000057E000.00000004.00000020.00020000.00000000.sdmpfalse
                              • 0%, Virustotal, Browse
                              • Avira URL Cloud: safe
                              unknown
                              http://autoupdate-staging.services.ams.osa/set_0.exefalse
                              • Avira URL Cloud: safe
                              unknown
                              https://sync.opera.com$1hi.pak.7.drfalse
                              • Avira URL Cloud: safe
                              low
                              http://localhost:3001api/prefs/?product=$1&version=$2..set_0.exe, 00000004.00000002.2702734129.00000000006CB000.00000040.00000001.01000000.0000000C.sdmp, set_0.exe, 00000005.00000002.2711059391.00000000006CB000.00000040.00000001.01000000.0000000C.sdmp, set_0.exe, 00000006.00000002.1849878966.00000000005CB000.00000040.00000001.01000000.0000000F.sdmp, set_0.exe, 00000007.00000002.2677961973.00000000006CB000.00000040.00000001.01000000.0000000C.sdmp, set_0.exe, 00000008.00000002.2707253029.00000000006CB000.00000040.00000001.01000000.0000000C.sdmp, installer.exe, 0000000E.00000002.2671425164.00007FF6FAFA7000.00000002.00000001.01000000.00000015.sdmp, installer.exe, 0000000F.00000002.2704055669.00007FF6FAFA7000.00000002.00000001.01000000.00000015.sdmp, installer.exe, 00000028.00000000.2549062400.00007FF7F24D7000.00000002.00000001.01000000.0000001B.sdmpfalse
                              • Avira URL Cloud: safe
                              low
                              http://www.opera.comset_0.exe, 00000004.00000003.2701643601.00000000497B8000.00000004.00001000.00020000.00000000.sdmp, set_0.exe, 00000004.00000003.2056557196.000000004974C000.00000004.00001000.00020000.00000000.sdmp, set_0.exe, 00000004.00000002.2705900056.0000000001745000.00000004.00000020.00020000.00000000.sdmpfalse
                                high
                                https://crashpad.chromium.org/https://crashpad.chromium.org/bug/newset_0.exe, 00000004.00000002.2702734129.00000000006CB000.00000040.00000001.01000000.0000000C.sdmp, set_0.exe, 00000005.00000002.2711059391.00000000006CB000.00000040.00000001.01000000.0000000C.sdmp, set_0.exe, 00000006.00000002.1849878966.00000000005CB000.00000040.00000001.01000000.0000000F.sdmp, set_0.exe, 00000007.00000002.2677961973.00000000006CB000.00000040.00000001.01000000.0000000C.sdmp, set_0.exe, 00000008.00000002.2707253029.00000000006CB000.00000040.00000001.01000000.0000000C.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000B.00000003.2080708697.0000000003310000.00000004.00000020.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000B.00000003.2080708697.000000000347D000.00000004.00000020.00020000.00000000.sdmp, assistant_installer.exe, 0000000C.00000000.2082501798.0000000000EC7000.00000002.00000001.01000000.00000014.sdmp, assistant_installer.exe, 0000000D.00000000.2083663959.0000000000EC7000.00000002.00000001.01000000.00000014.sdmp, installer.exe, 0000000E.00000002.2671425164.00007FF6FAFA7000.00000002.00000001.01000000.00000015.sdmp, installer.exe, 0000000F.00000002.2704055669.00007FF6FAFA7000.00000002.00000001.01000000.00000015.sdmp, installer.exe, 00000028.00000000.2549062400.00007FF7F24D7000.00000002.00000001.01000000.0000001B.sdmpfalse
                                  high
                                  https://desktop-netinstaller-sub.osp.opera.software/SysWOW64set_0.exe, 00000004.00000003.2452224294.00000000014D7000.00000004.00000020.00020000.00000000.sdmp, set_0.exe, 00000004.00000002.2705176382.00000000014D8000.00000004.00000020.00020000.00000000.sdmpfalse
                                  • 0%, Virustotal, Browse
                                  • Avira URL Cloud: safe
                                  unknown
                                  http://guideveil.xyz/quTbWcnSay.tmp, 00000001.00000003.1709163527.00000000007D7000.00000004.00000020.00020000.00000000.sdmpfalse
                                  • 0%, Virustotal, Browse
                                  • Avira URL Cloud: safe
                                  unknown
                                  https://simpleflying.com/how-do-you-become-an-air-traffic-controller/explorer.exe, 00000012.00000000.2465864091.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000012.00000002.2914007528.0000000007900000.00000004.00000001.00020000.00000000.sdmpfalse
                                  • URL Reputation: safe
                                  unknown
                                  https://desktop-netinstaller-sub.osp.opera.software/LocalLowset_0.exe, 00000004.00000003.2701526132.00000000014D7000.00000004.00000020.00020000.00000000.sdmp, set_0.exe, 00000004.00000003.2701396477.00000000014D2000.00000004.00000020.00020000.00000000.sdmp, set_0.exe, 00000004.00000002.2705176382.00000000014D8000.00000004.00000020.00020000.00000000.sdmpfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  https://addons.opera.com/extensions/download/0239ef3d7c95570d61b12b2fb509af435ccc2131/installer.exe, 0000000E.00000003.2507259487.000073F800804000.00000004.00001000.00020000.00000000.sdmpfalse
                                    high
                                    https://www.deezer.com/no/logininstaller.exe, 0000000E.00000003.2507259487.000073F800804000.00000004.00001000.00020000.00000000.sdmpfalse
                                      high
                                      https://www.deezer.com/ro/logininstaller.exe, 0000000E.00000003.2507259487.000073F800804000.00000004.00001000.00020000.00000000.sdmpfalse
                                        high
                                        https://completion.amazon.com/search/complete?q=installer.exe, 0000000E.00000003.2507259487.000073F800804000.00000004.00001000.00020000.00000000.sdmpfalse
                                          high
                                          https://desktop-netinstaller-sub.osp.opera.software/Yset_0.exe, 00000004.00000003.2452032863.00000000014D2000.00000004.00000020.00020000.00000000.sdmpfalse
                                          • 0%, Virustotal, Browse
                                          • Avira URL Cloud: safe
                                          unknown
                                          http://sto.farmscene.website/track_polos.php?tim=1707230103&rcc=US&c=2577&p=0.95http://eventquill.onsetup.exe, 00000002.00000002.2895127853.000000000057E000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000002.00000002.2889230780.0000000000409000.00000004.00000001.01000000.00000007.sdmpfalse
                                          • Avira URL Cloud: malware
                                          unknown
                                          https://desktop-netinstaller-sub.osp.opera.software/Wset_0.exe, 00000004.00000003.2052264887.00000000014DA000.00000004.00000020.00020000.00000000.sdmpfalse
                                          • 0%, Virustotal, Browse
                                          • Avira URL Cloud: safe
                                          unknown
                                          https://listen.tidal.com/installer.exe, 0000000E.00000003.2507259487.000073F800804000.00000004.00001000.00020000.00000000.sdmpfalse
                                            high
                                            http://eventquill.online/das.php?fz=&d=nsis&msg=&r=offer_execution&rk=yes&o=1627&a=2577&dn=286&spot=setup.exe, 00000002.00000002.2895127853.00000000005DC000.00000004.00000020.00020000.00000000.sdmpfalse
                                            • Avira URL Cloud: safe
                                            unknown
                                            https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gTUYexplorer.exe, 00000012.00000000.2465864091.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000012.00000002.2914007528.0000000007900000.00000004.00000001.00020000.00000000.sdmpfalse
                                              high
                                              https://desktop-netinstaller-sub.osp.opera.software/v1/binaryera.softwareset_0.exe, 00000004.00000002.2707097483.0000000004A5D000.00000004.00000020.00020000.00000000.sdmpfalse
                                              • 0%, Virustotal, Browse
                                              • Avira URL Cloud: safe
                                              unknown
                                              https://addons.opera.com/extensions/download/ad5beaae2fc679ccba1db1f7b3c9503d8da6ec70/installer.exe, 0000000E.00000003.2507259487.000073F800804000.00000004.00001000.00020000.00000000.sdmpfalse
                                                high
                                                https://www.opera.com/gx/.74https://www.opera.com/gx/est/features-dna-requirementslauncher.exe, 00000023.00000002.2847737095.00000F3C0028C000.00000004.00001000.00020000.00000000.sdmpfalse
                                                  high
                                                  http://eventquill.online/das.php?fz=&d=nsis&msg=&r=offer_execution_fail&rk=no&o=331&a=2577&dn=244&spsetup.exe, 00000002.00000002.2895127853.000000000057E000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000002.00000002.2889230780.0000000000409000.00000004.00000001.01000000.00000007.sdmpfalse
                                                  • Avira URL Cloud: safe
                                                  unknown
                                                  https://www.remobjects.com/psquTbWcnSay.exe, 00000000.00000003.1621844323.000000007FB40000.00000004.00001000.00020000.00000000.sdmp, quTbWcnSay.exe, 00000000.00000003.1621445927.00000000026C0000.00000004.00001000.00020000.00000000.sdmp, quTbWcnSay.tmp, 00000001.00000000.1623987212.0000000000401000.00000020.00000001.01000000.00000004.sdmpfalse
                                                  • URL Reputation: safe
                                                  unknown
                                                  https://www.innosetup.com/quTbWcnSay.exe, 00000000.00000003.1621844323.000000007FB40000.00000004.00001000.00020000.00000000.sdmp, quTbWcnSay.exe, 00000000.00000003.1621445927.00000000026C0000.00000004.00001000.00020000.00000000.sdmp, quTbWcnSay.tmp, 00000001.00000000.1623987212.0000000000401000.00000020.00000001.01000000.00000004.sdmpfalse
                                                  • 2%, Virustotal, Browse
                                                  • Avira URL Cloud: safe
                                                  unknown
                                                  https://desktop-netinstaller-sub.osp.opera.software/Jset_0.exe, 00000004.00000003.2452032863.00000000014D2000.00000004.00000020.00020000.00000000.sdmp, set_0.exe, 00000004.00000003.2701526132.00000000014D7000.00000004.00000020.00020000.00000000.sdmp, set_0.exe, 00000004.00000003.2701396477.00000000014D2000.00000004.00000020.00020000.00000000.sdmp, set_0.exe, 00000004.00000003.2452224294.00000000014D7000.00000004.00000020.00020000.00000000.sdmp, set_0.exe, 00000004.00000002.2705176382.00000000014D8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                  • 0%, Virustotal, Browse
                                                  • Avira URL Cloud: safe
                                                  unknown
                                                  https://www.deezer.com/fi/logininstaller.exe, 0000000E.00000003.2507259487.000073F800804000.00000004.00001000.00020000.00000000.sdmpfalse
                                                    high
                                                    https://download.opera.com/download/get/?id=52318&autoupdate=1&ni=1cset_0.exe, 00000004.00000003.2452032863.00000000014D2000.00000004.00000020.00020000.00000000.sdmp, set_0.exe, 00000004.00000003.2701526132.00000000014D7000.00000004.00000020.00020000.00000000.sdmp, set_0.exe, 00000004.00000003.2701396477.00000000014D2000.00000004.00000020.00020000.00000000.sdmp, set_0.exe, 00000004.00000003.2452224294.00000000014D7000.00000004.00000020.00020000.00000000.sdmp, set_0.exe, 00000004.00000002.2705176382.00000000014D8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                      high
                                                      https://download3.operacdn.com/set_0.exe, 00000004.00000003.1890526974.0000000001500000.00000004.00000020.00020000.00000000.sdmpfalse
                                                        high
                                                        https://eventquill.online/da.php?a=3876&cc=US&t=1707230103InnoDownloadPlugin/1.5/USERAGENT/silentgetsetup.exe, 00000002.00000002.2895127853.000000000057E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                        • Avira URL Cloud: safe
                                                        unknown
                                                        https://desktop-netinstaller-sub.osp.opera.software/Fset_0.exe, 00000004.00000003.2701396477.00000000014D2000.00000004.00000020.00020000.00000000.sdmp, set_0.exe, 00000004.00000002.2705176382.00000000014D2000.00000004.00000020.00020000.00000000.sdmpfalse
                                                        • 0%, Virustotal, Browse
                                                        • Avira URL Cloud: safe
                                                        unknown
                                                        http://sto.farmscene.website/track_inl2.php?tim=1707230103&poid=2577&p=1.25setup.exe, 00000002.00000003.2796115138.0000000002B89000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000002.00000002.2908068672.0000000002B85000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000002.00000002.2895127853.00000000005DC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                        • Avira URL Cloud: malware
                                                        unknown
                                                        https://www.so.com/favicon.icoinstaller.exe, 0000000E.00000003.2507259487.000073F800804000.00000004.00001000.00020000.00000000.sdmpfalse
                                                          high
                                                          https://www.deezer.com/mx/logininstaller.exe, 0000000E.00000003.2507259487.000073F800804000.00000004.00001000.00020000.00000000.sdmpfalse
                                                            high
                                                            http://www.autoitscript.com/autoit3/Jexplorer.exe, 00000012.00000002.2914007528.00000000079B1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000012.00000000.2465864091.00000000079B1000.00000004.00000001.00020000.00000000.sdmpfalse
                                                              high
                                                              https://advancedmanager.io/eulasetup.exe, 00000002.00000002.2895127853.000000000057E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                              • 0%, Virustotal, Browse
                                                              • Avira URL Cloud: safe
                                                              unknown
                                                              https://wns.windows.com/Lexplorer.exe, 00000012.00000000.2469716689.000000000C557000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000012.00000002.2930674856.000000000C557000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                high
                                                                https://crashpad.chromium.org/set_0.exe, set_0.exe, 00000008.00000002.2707253029.00000000006CB000.00000040.00000001.01000000.0000000C.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000B.00000003.2080708697.0000000003310000.00000004.00000020.00020000.00000000.sdmp, Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe, 0000000B.00000003.2080708697.000000000347D000.00000004.00000020.00020000.00000000.sdmp, assistant_installer.exe, assistant_installer.exe, 0000000C.00000000.2082501798.0000000000EC7000.00000002.00000001.01000000.00000014.sdmp, assistant_installer.exe, 0000000D.00000000.2083663959.0000000000EC7000.00000002.00000001.01000000.00000014.sdmp, installer.exe, 0000000E.00000002.2671425164.00007FF6FAFA7000.00000002.00000001.01000000.00000015.sdmp, installer.exe, 0000000F.00000002.2704055669.00007FF6FAFA7000.00000002.00000001.01000000.00000015.sdmp, installer.exe, 00000028.00000000.2549062400.00007FF7F24D7000.00000002.00000001.01000000.0000001B.sdmpfalse
                                                                  high
                                                                  https://eventquill.online/setup.exe, 00000002.00000002.2895127853.00000000005DC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                  • 0%, Virustotal, Browse
                                                                  • Avira URL Cloud: safe
                                                                  unknown
                                                                  https://addons.opera.com/en/extensions/details/dify-cashback/installer.exe, 00000028.00000000.2549062400.00007FF7F24D7000.00000002.00000001.01000000.0000001B.sdmpfalse
                                                                    high
                                                                    https://www.deezer.cominstaller.exe, 0000000E.00000003.2507259487.000073F800804000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                      high
                                                                      https://autoupdate.geo.opera.com/geolocation/set_0.exe, set_0.exe, 00000008.00000002.2707253029.00000000006CB000.00000040.00000001.01000000.0000000C.sdmp, installer.exe, 0000000E.00000002.2671425164.00007FF6FAFA7000.00000002.00000001.01000000.00000015.sdmp, installer.exe, 0000000F.00000002.2704055669.00007FF6FAFA7000.00000002.00000001.01000000.00000015.sdmp, installer.exe, 00000028.00000000.2549062400.00007FF7F24D7000.00000002.00000001.01000000.0000001B.sdmpfalse
                                                                        high
                                                                        https://duckduckgo.com/?q=installer.exe, 0000000E.00000003.2507259487.000073F800804000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                          high
                                                                          https://yandex.com.tr/search/?clid=1669559&text=installer.exe, 0000000E.00000003.2507259487.000073F800804000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                          • 0%, Virustotal, Browse
                                                                          • Avira URL Cloud: safe
                                                                          unknown
                                                                          https://crashstats-collector.opera.com/collector/submitinstaller.exe, 0000000F.00000002.2702791372.000001C843E20000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 0000000F.00000003.2674097405.000000D800238000.00000004.00001000.00020000.00000000.sdmp, installer.exe, 00000028.00000000.2549062400.00007FF7F24D7000.00000002.00000001.01000000.0000001B.sdmpfalse
                                                                            high
                                                                            http://eventquill.online/das.php?fz=&d=nsis&msg=&r=offer_exists&rk=no&o=1627&a=2577&dn=286&spot=2&t=setup.exe, 00000002.00000002.2895127853.000000000057E000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000002.00000002.2889230780.0000000000409000.00000004.00000001.01000000.00000007.sdmpfalse
                                                                            • Avira URL Cloud: safe
                                                                            unknown
                                                                            https://assets.msn.com/weathermapdata/1/static/finance/1stparty/FinanceTaskbarIcons/Finance_Earningsexplorer.exe, 00000012.00000002.2914007528.0000000007900000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                              high
                                                                              https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gHZuexplorer.exe, 00000012.00000000.2465864091.00000000078AD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000012.00000002.2914007528.00000000078AD000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                high
                                                                                https://addons.opera.com/extensions/download/4d3d8f7f070d279fbe0d2795e10e69fbab5d3824/installer.exe, 0000000E.00000003.2507259487.000073F800804000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                  high
                                                                                  http://eventquill.online/daf.php?spot=2&a=2577&on=286&o=16272setup.exe, 00000002.00000002.2908068672.0000000002B73000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                  • Avira URL Cloud: safe
                                                                                  unknown
                                                                                  https://www.msn.com/en-us/weather/topstories/us-weather-super-el-nino-to-bring-more-flooding-and-winexplorer.exe, 00000012.00000000.2465864091.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000012.00000002.2914007528.0000000007900000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                    high
                                                                                    http://eventquill.online/das.php?fz=&d=nsis&msg=&r=offer_execution&rk=yes&o=1675&a=2577&dn=441&spot=setup.exe, 00000002.00000002.2889230780.0000000000409000.00000004.00000001.01000000.00000007.sdmpfalse
                                                                                    • Avira URL Cloud: safe
                                                                                    unknown
Joe Sandbox version: 40.0.0 Tourmaline
Analysis ID: 1387592
Start date and time: 2024-02-06 15:34:06 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 13m 37s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 23
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 18
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: quTbWcnSay.exe
renamed because original name is a hash value
Original Sample Name: 7332fbc6fd5023cc26cd2e7414e8c40312783cc39b40815b91b7618b1d4c49b2.exe
Detection: MAL
Classification: mal42.spyw.winEXE@35/254@0/15
EGA Information:
• Successful, ratio: 37.5%
HCA Information:
• Successful, ratio: 68%
• Number of executed functions: 117
• Number of non-executed functions: 263
Cookbook Comments:
• Found application associated with file extension: .exe
• Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
• Not all processes where analyzed, report is missing behavior information
• Report creation exceeded maximum time and may have missing disassembly code information.
• Report size exceeded maximum capacity and may have missing behavior information.
• Report size exceeded maximum capacity and may have missing disassembly code.
• Report size getting too big, too many NtCreateFile calls found.
• Report size getting too big, too many NtDeviceIoControlFile calls found.
• Report size getting too big, too many NtEnumerateKey calls found.
• Report size getting too big, too many NtOpenFile calls found.
• Report size getting too big, too many NtOpenKey calls found.
• Report size getting too big, too many NtOpenKeyEx calls found.
• Report size getting too big, too many NtProtectVirtualMemory calls found.
• Report size getting too big, too many NtQueryValueKey calls found.
• Report size getting too big, too many NtReadVirtualMemory calls found.
• Report size getting too big, too many NtSetInformationFile calls found.
• Skipping network analysis since amount of network traffic is too extensive
Time | Type | Description
14:36:22 | Task Scheduler | Run new task: Opera GX scheduled Autoupdate 1707230173 path: C:\Users\user\AppData\Local\Programs\Opera GX\launcher.exe s>--scheduledautoupdate $(Arg0)
14:37:07 | Task Scheduler | Run new task: AdvancedUpdater path: C:\Program Files (x86)\AW Manager\Windows Manager\Windows Updater.exe s>/silentall -nofreqcheck -nogui
15:36:17 | API Interceptor | 11x Sleep call for process: explorer.exe modified
                                                                                                                        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                        172.67.208.40w1J9KDIC0m.exeGet hashmaliciousUnknownBrowse
                                                                                                                        • theoryconnection.website/lamp.php
                                                                                                                        159.223.29.40d47b38d68c7ef6c19add401c1c6defb99aef1fac8fd28.exeGet hashmaliciousUnknownBrowse
                                                                                                                        • kapetownlink.com/installer.exe
                                                                                                                        d47b38d68c7ef6c19add401c1c6defb99aef1fac8fd28.exeGet hashmaliciousUnknownBrowse
                                                                                                                        • kapetownlink.com/installer.exe
                                                                                                                        69e6517b2ee056dd1f5f70c46faf6235b84db97a74a65.exeGet hashmaliciousUnknownBrowse
                                                                                                                        • kapetownlink.com/installer.exe
                                                                                                                        w1J9KDIC0m.exeGet hashmaliciousUnknownBrowse
                                                                                                                        • kapetownlink.com/installer.exe
                                                                                                                        69e6517b2ee056dd1f5f70c46faf6235b84db97a74a65.exeGet hashmaliciousUnknownBrowse
                                                                                                                        • kapetownlink.com/installer.exe
                                                                                                                        sq5W8v3VZV.exeGet hashmaliciousUnknownBrowse
                                                                                                                        • kapetownlink.com/installer.exe
                                                                                                                        w1J9KDIC0m.exeGet hashmaliciousUnknownBrowse
                                                                                                                        • kapetownlink.com/installer.exe
                                                                                                                        iguufjAqnn.exeGet hashmaliciousNetSupport RAT, LummaC StealerBrowse
                                                                                                                        • kapetownlink.com/installer.exe
                                                                                                                        fNEOQV1Qo2.exeGet hashmaliciousNetSupport RAT, LummaC StealerBrowse
                                                                                                                        • kapetownlink.com/installer.exe
                                                                                                                        ZmWSzgevgt.exeGet hashmaliciousNetSupport RAT, LummaC StealerBrowse
                                                                                                                        • kapetownlink.com/installer.exe
                                                                                                                        172.67.152.1082D5770EB59209D2238670233CB2BE6424F7974800B83F.exeGet hashmaliciousUnknownBrowse
                                                                                                                          6D3F3F26752DF1A041952CEAB949662805FFF34D6D06D.exeGet hashmaliciousUnknownBrowse
                                                                                                                            D1E33311A3E42A9C958CED92087534253817C228A36A6.exeGet hashmaliciousUnknownBrowse
                                                                                                                              0AD888FB7715FA597961E058A51D397B78F5518EC63D1.exeGet hashmaliciousUnknownBrowse
                                                                                                                                d47b38d68c7ef6c19add401c1c6defb99aef1fac8fd28.exeGet hashmaliciousUnknownBrowse
                                                                                                                                  d47b38d68c7ef6c19add401c1c6defb99aef1fac8fd28.exeGet hashmaliciousUnknownBrowse
                                                                                                                                    69e6517b2ee056dd1f5f70c46faf6235b84db97a74a65.exeGet hashmaliciousUnknownBrowse
                                                                                                                                      sq5W8v3VZV.exeGet hashmaliciousUnknownBrowse
                                                                                                                                        MassTube_Plus_1700502_Portable.exeGet hashmaliciousNetSupport RAT, Stealc, VidarBrowse
                                                                                                                                          No context
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
                                                                                                                                          No context
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exe
                                                                                                                                                                                  File Type:Certificate, Version=3
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):1428
                                                                                                                                                                                  Entropy (8bit):7.688784034406474
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:24:nIGWnSIGWnSGc9VIyy0KuiUQ+7n0TCDZJCCAyuIqwmCFUZnPQ1LSdT:nIL7LJSRQ+QgAyuxwfynPQmR
                                                                                                                                                                                  MD5:78F2FCAA601F2FB4EBC937BA532E7549
                                                                                                                                                                                  SHA1:DDFB16CD4931C973A2037D3FC83A4D7D775D05E4
                                                                                                                                                                                  SHA-256:552F7BDCF1A7AF9E6CE672017F4F12ABF77240C78E761AC203D1D9D20AC89988
                                                                                                                                                                                  SHA-512:BCAD73A7A5AFB7120549DD54BA1F15C551AE24C7181F008392065D1ED006E6FA4FA5A60538D52461B15A12F5292049E929CFFDE15CC400DEC9CDFCA0B36A68DD
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exe
                                                                                                                                                                                  File Type:data
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):254
                                                                                                                                                                                  Entropy (8bit):3.045024851223198
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:6:kKedgLDcJgjcalgRAOAUSW0PTKDXMOXISKlUp:4gLYS4tWOxSW0PAMsZp
                                                                                                                                                                                  MD5:B2EE37A1AC3432727C6FC543E24D3C99
                                                                                                                                                                                  SHA1:547EA852735C42E47A3E6F0730D85904CB2AF875
                                                                                                                                                                                  SHA-256:22BF899178593C26D31EB6A596F0C57AAD9B80D3AB0526A5FB672F829EDE5175
                                                                                                                                                                                  SHA-512:41D423436A6C3D2169D1DB27E62814D6733CA3B520F20FFD15EA1CB84E064E43E2A81A3C7F1F5A2F6C1B7772CEFD724CCCF6D4D1172A92E0B9E5EB45F6C601D4
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Process:C:\Windows\explorer.exe
                                                                                                                                                                                  File Type:data
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):109624
                                                                                                                                                                                  Entropy (8bit):4.023278234079597
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:768:AZp7FDIkDk2XGu/f5pjk0ygGPHjhd/N/LyrrJEn5KxQ6RR1v/0oVeXmcypJ3MdhM:0dk2/9G/VdSchgiPGjnf+PFYKJyRF/
                                                                                                                                                                                  MD5:279809E7F7804C60CDD19F7CAEA74E9D
                                                                                                                                                                                  SHA1:AF72291D30ED46EFA8E9DD3ED1E1E58817B1A928
                                                                                                                                                                                  SHA-256:6F16B5E72A155C42B473DC3A1A3DE9400D14835079171F8326C4FD50DDB5C2A6
                                                                                                                                                                                  SHA-512:2A765E7E345EB5BD21A5428471D5572D89BC8E791661E6F7834EB80809D38C9B36D9F859F58B077C36D08A5AEA8BC9A498CAD27A142E68DE19AA3479663204A3
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Process:C:\Windows\explorer.exe
                                                                                                                                                                                  File Type:data
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):107824
                                                                                                                                                                                  Entropy (8bit):4.036546168696297
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:768:7ZkmF4t5yk0GJzuFvjjk0m5OyhSwrvBGNGLw1eJQ+aoxZz8R1vIhokb1m/ypu3a/:tnk3uIcyQsvzKhginGJnoUFkKeo2aphH
                                                                                                                                                                                  MD5:12DDC4D090A298A20235F5520486D595
                                                                                                                                                                                  SHA1:F57B9F2CBEE09689EB284E298A18E9139417B950
                                                                                                                                                                                  SHA-256:CF3167488BB24BEA88B677526D776DFDF1E0A77E165CA2087EAEC0C7BF831617
                                                                                                                                                                                  SHA-512:ED381ADA7BBF82CD62A2FF2FEFF6D790D5633C837370C66135B208CCB3BA99E86FC71535DD15D2CCAD83C04C4020DC9D82AAC66E90632C1ECE218C434DB35F6A
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Process:C:\Windows\explorer.exe
                                                                                                                                                                                  File Type:data
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):105952
                                                                                                                                                                                  Entropy (8bit):4.050159086408296
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:1536:rGktfyGupcojuiqzGh8iGGMngCF0KJqb4XSmw:ykJyGupcojuNzGh8iRCFz9S3
                                                                                                                                                                                  MD5:BA5C73DA6B133BD4E8A876BE873563E2
                                                                                                                                                                                  SHA1:E3443FC553D47B2FD68A728C35872B5809BFAF18
                                                                                                                                                                                  SHA-256:0F43EC258DC60DB54777CA342F5D21D9A827C77CA06DB22D39E3D21DD0BD0C4C
                                                                                                                                                                                  SHA-512:15473D7E053BA8A4D030321782BC6A45883CE8566A348C5BEDF83375E58D30C19E2B225C3CAAF00E64B5C1E28385A65BC241F3D1A902CC9C9A55B79DDFA94068
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exe
                                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):1499104
                                                                                                                                                                                  Entropy (8bit):7.985603261747699
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:24576:4ACKcQz8HkfJ8dQnd4GrbwsgY+UfLBCQdI5f3cjCRgCPPWCUZry8k/GUrbN:5pT8HkfJ5eGrbmR0afsXCBrG
                                                                                                                                                                                  MD5:E9A2209B61F4BE34F25069A6E54AFFEA
                                                                                                                                                                                  SHA1:6368B0A81608C701B06B97AEFF194CE88FD0E3C0
                                                                                                                                                                                  SHA-256:E950F17F4181009EEAFA9F5306E8A9DFD26D88CA63B1838F44FF0EFC738E7D1F
                                                                                                                                                                                  SHA-512:59E46277CA79A43ED8B0A25B24EFF013E251A75F90587E013B9C12851E5DD7283B6172F7D48583982F6A32069457778EE440025C1C754BF7BB6CE8AE1D2C3FC5
                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                  • Antivirus: Virustotal, Detection: 1%
                                                                                                                                                                                  Joe Sandbox View:
                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-9A6TD.tmp\setup.exe
                                                                                                                                                                                  File Type:ASCII text, with no line terminators
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):2
                                                                                                                                                                                  Entropy (8bit):1.0
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:3:V:V
                                                                                                                                                                                  MD5:444BCB3A3FCF8389296C49467F27E1D6
                                                                                                                                                                                  SHA1:7A85F4764BBD6DAF1C3545EFBBF0F279A6DC0BEB
                                                                                                                                                                                  SHA-256:2689367B205C16CE32ED4200942B8B8B1E262DFC70D9BC9FBC77C49699A4F1DF
                                                                                                                                                                                  SHA-512:9FBBBB5A0F329F9782E2356FA41D89CF9B3694327C1A934D6AF2A9DF2D7F936CE83717FB513196A4CE5548471708CD7134C2AE99B3C357BCABB2EAFC7B9B7570
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:ok
                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-9A6TD.tmp\setup.exe
                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):3
                                                                                                                                                                                  Entropy (8bit):1.584962500721156
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:3:F:F
                                                                                                                                                                                  MD5:EFF5BC1EF8EC9D03E640FC4370F5EACD
                                                                                                                                                                                  SHA1:92A949FD41844E1BB8C6812CDEA102708FDE23A4
                                                                                                                                                                                  SHA-256:DC51B8C96C2D745DF3BD5590D990230A482FD247123599548E0632FDBF97FC22
                                                                                                                                                                                  SHA-512:672F8FF4AE8530DE295F9DD963724947841E6277EDEC3B21820B5E44D0A64BAEF90FB04E22048028453D715F79357ACC5BD2D566FE6EDE65F981BA3DDA06BAE4
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:ok.
                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-9A6TD.tmp\setup.exe
                                                                                                                                                                                  File Type:ASCII text, with no line terminators
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):2
                                                                                                                                                                                  Entropy (8bit):1.0
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:3:V:V
                                                                                                                                                                                  MD5:444BCB3A3FCF8389296C49467F27E1D6
                                                                                                                                                                                  SHA1:7A85F4764BBD6DAF1C3545EFBBF0F279A6DC0BEB
                                                                                                                                                                                  SHA-256:2689367B205C16CE32ED4200942B8B8B1E262DFC70D9BC9FBC77C49699A4F1DF
                                                                                                                                                                                  SHA-512:9FBBBB5A0F329F9782E2356FA41D89CF9B3694327C1A934D6AF2A9DF2D7F936CE83717FB513196A4CE5548471708CD7134C2AE99B3C357BCABB2EAFC7B9B7570
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:ok
                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exe
                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):1417
                                                                                                                                                                                  Entropy (8bit):4.395216393786374
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:24:YpiRAS3R+GRH4rRUtRCRMR6mR5DR3RoRY+RWEIiRGiRCR8xRbRIjRuAcBpDRlDRH:YpiRhR/RYRUtRCRMR6mR5DR3RoRJRWEf
                                                                                                                                                                                  MD5:DA0FFF89499F2F97A18D7C2F36A0E26C
                                                                                                                                                                                  SHA1:735459D83F4FFCD74FBE936E7E6AC7B8234DACD2
                                                                                                                                                                                  SHA-256:23CE6F08B735CA050DF44E39AB3D4286E60F62ADF4693FB13F53DACE25935EFE
                                                                                                                                                                                  SHA-512:062140AA683304F3612D96E9104003C6B08328E9DC23F48B2BFE81450BFBB6FD6112BAD400E3553BA32F33B8E104648286A2090DCBA719874AB3E5D784EDD5A5
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Preview:{"features":{"13e025f64bd6":{"state":"disabled"},"13eeaf851da7":{"state":"enabled"},"15322f489976":{"state":"enabled"},"1ad69b007ce5":{"state":"enabled"},"1c4dddb65bac":{"state":"enabled"},"1d24dceb937a":{"state":"enabled"},"278deecb29a1":{"state":"enabled"},"2c1429a5a72e":{"state":"enabled"},"40db6e644d2c":{"state":"disabled"},"50796754ffc7":{"state":"enabled"},"5448a57d6689":{"state":"disabled"},"54726ed4401e":{"state":"enabled"},"56d717ae3ad6":{"state":"enabled"},"5a28d66c82cd":{"state":"enabled"},"603cade21cf7":{"state":"enabled"},"654296fe9d6c":{"state":"enabled"},"7e93fef4a11d":{"state":"enabled"},"818c3ef12d0b":{"state":"enabled","dna_filter":{"required_dna":["64336fb81a04836eb8108d24fbca3aa3682db0a5"],"forbidden_dna":["5b3eb4a6c335a0659d16d1a189ca155e4441ea14"]}},"8511df77ed15":{"state":"enabled"},"970fe421a344":{"state":"enabled"},"9ec4e68ae70a":{"state":"disabled"},"b2a2a32b832b":{"state":"enabled"},"b7751444d14a":{"state":"enabled"},"b9677b166709":{"state":"disabled"},"c2410
                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-9A6TD.tmp\setup.exe
                                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):4724720
                                                                                                                                                                                  Entropy (8bit):7.0944141075328115
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:98304:5YoIz3Q2HM5Qp4WzMIaX8/BG6v/gIV0sba5mFkDzLb:5i3QDCpQaJGkDegFwL
                                                                                                                                                                                  MD5:FA24733F5A6A6F44D0E65D7D98B84AA6
                                                                                                                                                                                  SHA1:51A62BEAB55096E17F2E17F042F7BD7DEDABF1AE
                                                                                                                                                                                  SHA-256:DA1B144B5F908CB7E811489DFE660E06AA6DF9C9158C6972EC9C79C48AFACB7E
                                                                                                                                                                                  SHA-512:1953201D8CD448AA7D23C3E57665546ACE835F97C8CC8D0F323573CEF03A6F317F86C7C3841268ECE1760B911C67845D7E6AA198A44F720DCA02A5A8BCB8E21E
                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                  • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 79%
                                                                                                                                                                                  • Antivirus: Virustotal, Detection: 68%
                                                                                                                                                                                  Joe Sandbox View:
                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-9A6TD.tmp\setup.exe
                                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):11065129
                                                                                                                                                                                  Entropy (8bit):7.96991159694097
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:196608:pm7CwA/6hJij8gZbSgazIhsdiFlDOp0aPT+9IRZt5o9Y:OCAhJQ8USgachs4FlDq0aPbjo9Y
                                                                                                                                                                                  MD5:C060CC25B2F5B27A73D320F1173D1BE9
                                                                                                                                                                                  SHA1:4667FCDACFC6DAD7176ABDED4A4888E54B00E920
                                                                                                                                                                                  SHA-256:129F005C2043E43438B0CB621BF7D6289B12B34E6D7C4D24B9AE15523D171042
                                                                                                                                                                                  SHA-512:28D261461D86909BF30D876125DEDEFE062A23E4265EB495E07A58724C0656BB1256A5313D947362E1D021DA94E76320328D4250344EB44C06E3F7FD94F9795D
                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 3%
                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exe
                                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):139990888
                                                                                                                                                                                  Entropy (8bit):7.999994927046636
                                                                                                                                                                                  Encrypted:true
                                                                                                                                                                                  SSDEEP:3145728:pebrmlLOr6pGFfpHQjxDaMxuQdyfYkfW7+qG/pR4oK4hQ8zcjT:Ehr6pJVxpdyfXcGUuXzm
                                                                                                                                                                                  MD5:D9A07B746D1C7BBE738964B4F727AC27
                                                                                                                                                                                  SHA1:01224816F2F34ECE24728D7DE552BCF76B647C6F
                                                                                                                                                                                  SHA-256:36015707ABD77EB3487FBF6B83D0ACB980C37B8B0676CDB654C89A35B8651EFE
                                                                                                                                                                                  SHA-512:7A057FDA77EE1613B77BF584BFD1EA539707C2BCE71AB7D647382BF4A0F97D4839C51EF8AEFDE9DEAEA91CE7060C983688AA4C1A24F923112A6D7DEFF179C809
                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exe
                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with very long lines (1824)
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):1344708
                                                                                                                                                                                  Entropy (8bit):6.081849998191263
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:24576:idUTvr+x0E4H3CAHkd0OhPVVUCs4dxemFiG7V76d5vQVUCaxU:iKTHhySkuz/G65v1y
                                                                                                                                                                                  MD5:1FB07CF2B20D516ADC1067D9C4C57BB7
                                                                                                                                                                                  SHA1:DA0BFEB9A98B2FDAF422A1B52FFA33ECA0684EA1
                                                                                                                                                                                  SHA-256:294592F92BDDA407A531D81D64B7D141979F7B5B052370C1041430530DB7C481
                                                                                                                                                                                  SHA-512:F4B17E1E60281465A3288E5BDE7C537AC419236A72B680AD533E93CAE81DC8E12221339A737C27257B0A561192F655C70230D818EB0219CCB5E4641B5FF811D8
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                  Preview:{. "version": 32,. "partner_id": "std-1",. "user_agent": "std-1",. "search_engines": {. "location": {. "ad": {. "other": {. "list": [. "google_com",. "yahoo",. "duckduckgo",. "amazon",. "bing_attributed_ysrcunow",. "wiki". ],. "speed_dial_index_list": [0]. }. },. "al": {. "other": {. "list": [. "google_com",. "yahoo",. "duckduckgo",. "amazon",. "bing_attributed_ysrcunow",. "wiki". ],. "speed_dial_index_list": [0].
                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-9A6TD.tmp\setup.exe
                                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):3355816
                                                                                                                                                                                  Entropy (8bit):7.7768157039053945
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:98304:M0Yl5VdpeXteaZ5AYFl+3sJX0hjStE426Z+0eAjrJq6hqb+wXwr4Nbw+:05VdwpbAIl+cJSGtZZ+
                                                                                                                                                                                  MD5:CFCF91EF96623A139475B53B686229DC
                                                                                                                                                                                  SHA1:D38D63B2B59C8A0A035B5E6BE792045B9F643E6C
                                                                                                                                                                                  SHA-256:BFD52C7C2ECA1BB09D745582455A7D9DB13E85CCFE47B35E7BFD549DF70C8EA0
                                                                                                                                                                                  SHA-512:28354E842D3DFD7B32B6301122070FFD78ADFFE5EBB7F98FA2113FF971E98B7444454DD0EAC4A0AFFE814FBD53C7CE30B6B54CE5A3E2C5EF0A8995E3A92A0D8B
                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-9A6TD.tmp\setup.exe
                                                                                                                                                                                  File Type:ASCII text, with no line terminators
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):2
                                                                                                                                                                                  Entropy (8bit):1.0
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:3:V:V
                                                                                                                                                                                  MD5:444BCB3A3FCF8389296C49467F27E1D6
                                                                                                                                                                                  SHA1:7A85F4764BBD6DAF1C3545EFBBF0F279A6DC0BEB
                                                                                                                                                                                  SHA-256:2689367B205C16CE32ED4200942B8B8B1E262DFC70D9BC9FBC77C49699A4F1DF
                                                                                                                                                                                  SHA-512:9FBBBB5A0F329F9782E2356FA41D89CF9B3694327C1A934D6AF2A9DF2D7F936CE83717FB513196A4CE5548471708CD7134C2AE99B3C357BCABB2EAFC7B9B7570
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                  Preview:ok
                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exe
                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):225
                                                                                                                                                                                  Entropy (8bit):4.956657181398446
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:6:KdhlRu9TbX+A8/5RFYpfkjwX0CdiYCWoA1G:KLuVA5cp8jE07vWBG
                                                                                                                                                                                  MD5:8738EB091D37D89347E4B0F92E8214E3
                                                                                                                                                                                  SHA1:3CBE834ABB9951D9B8B2753497FC78863F56CBAA
                                                                                                                                                                                  SHA-256:4085A27DAD28D2C51F9B7439FEBB2EAB1C4B005A9721D9996385F68661198560
                                                                                                                                                                                  SHA-512:8E86C7240B7E77D3A4735FA12D18DFD2CF7D388FA77E6798810A3CB0F6724973649675AF4AA118F44C786DD2DFD6FD313021A4A5BC4BE47B90C1EF26F50791E8
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                  Preview:<assembly.. xmlns='urn:schemas-microsoft-com:asm.v1' manifestVersion='1.0'>.. <assemblyIdentity.. name='106.0.4998.74'.. version='106.0.4998.74'.. type='win32'/>.. <file name='opera_elf.dll'/>..</assembly>..
                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exe
                                                                                                                                                                                  File Type:data
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):395193781
                                                                                                                                                                                  Entropy (8bit):7.089053750448825
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:3145728:RkgrIbisUWa4SxGSCvGHYL52LZByhNvFfQisoYN3U2DDPDjo1VknvTbeq71lT:RfLYLILZByvvFfGzEoDPv2g
                                                                                                                                                                                  MD5:4F35205D6273CD18C45FCB6EA54FF455
                                                                                                                                                                                  SHA1:F41FDB4E26BA84D389B9A2F44431BF910B19E07C
                                                                                                                                                                                  SHA-256:F795B7E2271898FA5CB79EAE8C7810BAC68D2F65B77562CCE2B664E711611B77
                                                                                                                                                                                  SHA-512:08DB42654A3A8B7CF2EA810EF1DB9B59B5AA4EB9B1FBEC24F04E5B05AC83C46F700F255F2DADEBA67EAEC7A0E1532EBF4E71CF5D181C0033876F21AF96F42556
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exe
                                                                                                                                                                                  File Type:PNG image data, 150 x 150, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):2181
                                                                                                                                                                                  Entropy (8bit):7.807674908350133
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:48:Pe+1prHq0WWdnFX5lKhqEiJVk10s5pqe/cme:G+1prHqXkhrWqEiJa10ae
                                                                                                                                                                                  MD5:B5A21B88B3D8A42DF265817EBEB742BB
                                                                                                                                                                                  SHA1:E0BE32B4FC158DB4E9783094CCE614922114B742
                                                                                                                                                                                  SHA-256:9635C074C9D8EDDE0BAF3111DBD7DB49CBDC370C4F729C80AC382949F32BE526
                                                                                                                                                                                  SHA-512:21ECE0DCF17B038400D09565438FCE8BE61746DAA0250F2FA9D0526BBA3D1CE6F8DA5CCE944EF8FA685C5EB6CF857B073D2A50ADA44A44A76D84813871FAA5D0
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exe
                                                                                                                                                                                  File Type:PNG image data, 150 x 150, 8-bit gray+alpha, non-interlaced
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):1828
                                                                                                                                                                                  Entropy (8bit):7.716814612583543
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:48:uIrxqF+qFL9yUaKagPWex0mLgIbPdyFKD0YTkogFey6mkAN7G:3wFRoGagTx0A4KDfTko6eCZG
                                                                                                                                                                                  MD5:0BAE0648C3E320C4D439F158B4FD5531
                                                                                                                                                                                  SHA1:4E860AE24F03522C89BDF37F3CCC10B54832861E
                                                                                                                                                                                  SHA-256:28CE8FCB22080CE1F69346CB0720BBE5662959E413426F00062B706013DA8C28
                                                                                                                                                                                  SHA-512:6A5E4105CCBE1664546798DB057B93622C9CBD6D5AF4967E6BE4E390A18FEC0FFCC807E3331F09ED0DE63ED85569BE7EC5EED5A7C663DF6CE4A5B70E09500371
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exe
                                                                                                                                                                                  File Type:PNG image data, 210 x 210, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):3140
                                                                                                                                                                                  Entropy (8bit):7.81304512495968
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:96:X4+RWiQZwj2bSjtW8+i2elETWt5nQ1pzuiV8:ozEW8+iZECt9kzuie
                                                                                                                                                                                  MD5:7E529063A02E4E83736B0263CB1B82E0
                                                                                                                                                                                  SHA1:17A3C4B76962E90B1D2FA8A49441157949F4DC78
                                                                                                                                                                                  SHA-256:A36A13A5D5E3D39E3018CCC5F8859944C87256F8BE24A3C08A6BF3CB06A26804
                                                                                                                                                                                  SHA-512:571806725F83FECA90360B246D167A8857EDFD9EDC8DC0EF7EEEF80F291FD06088C405A5653513CB8AA309DF08CD609DF85A95E3379E3E5907566C876CA77CDE
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exe
                                                                                                                                                                                  File Type:PNG image data, 210 x 210, 8-bit gray+alpha, non-interlaced
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):2659
                                                                                                                                                                                  Entropy (8bit):7.828610258666657
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:48:zQX9JrPPPPPPnouwOlIbylOhFARjcSY1E1y0fAiKb+Y+GzYvpSYWTX5sPPPPPPPn:z0rPPPPPPojFby+m00fAiKiySSYWTXqP
                                                                                                                                                                                  MD5:EBE7D27ED3B4CB6566A10165ABFAA941
                                                                                                                                                                                  SHA1:FDF7C27058CF5DAF7061756E938A33C1BBB26C3D
                                                                                                                                                                                  SHA-256:0BD63FE653885286E180FBDF6D1DADC66AF242B8ED6BD1D03D8C5ECCC20E91D7
                                                                                                                                                                                  SHA-512:50EC8592D78F00A6387F06E077E0DEF88DB26723C0FB8632C4EA06F2E09488DB0FB82E0EB1F03DA53F9C750F6CEBD29F7889B1DE342E4F0AE69F88C4B7B1425B
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exe
                                                                                                                                                                                  File Type:PNG image data, 270 x 270, 8-bit colormap, non-interlaced
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):3904
                                                                                                                                                                                  Entropy (8bit):7.301300867894784
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:48:Fe0zdfrjvg/ofL7NkqKgOL6bq64wL3XtakhXSTxyfO8cg7WZUScsO62vSQ6Q4MCR:JdfrYoDdbJlXBRSMoj6H626Qr45eg
                                                                                                                                                                                  MD5:F332E088E89B88070EF1EFBECA5B90F8
                                                                                                                                                                                  SHA1:86129A8B1E2E7F78D6CE23C58A37FAC9DA5E566D
                                                                                                                                                                                  SHA-256:6A8F64754C75EDCC9ABC1138E44ACBD7064D7E8E2A28783939241DBD6AFA30A5
                                                                                                                                                                                  SHA-512:2314AAE692C024F914661E46CFD76531DA6C09B94C084FE915A0594625927DF30282D09518A950EAFCFDD2E499B1E4877CF3CDBF5509DE0CC756DADCDE43FD45
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exe
                                                                                                                                                                                  File Type:PNG image data, 270 x 270, 8-bit gray+alpha, non-interlaced
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):3673
                                                                                                                                                                                  Entropy (8bit):7.8322183683928195
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:96:nBWR5fosUcvpqnOtkeU4ghCboMmSaj+5UZy:MvHUUMnOtpz4Csz65UZy
                                                                                                                                                                                  MD5:98B9F7A4F4322E7B46DE392FD20F66E5
                                                                                                                                                                                  SHA1:D009D227522206C40CF592E460C9642CD03B8769
                                                                                                                                                                                  SHA-256:A706B332E6A846357A86C30D0E8BB7697E7DD55C2AE592DD45611DDCE0C0BF14
                                                                                                                                                                                  SHA-512:3B3E5BAF3CFC57119E0812DE2816DF6C7DCB42E96C4891E47C4F32320FD3BE2F27A0118051A6651595BAAAA30069BB1C0D78AA701744A44534CABE7547D4BECD
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exe
                                                                                                                                                                                  File Type:PNG image data, 120 x 120, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):1723
                                                                                                                                                                                  Entropy (8bit):7.769427546963699
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:48:MtXb2ikqrN+EMaUeTPMSEGS6CT/GF2MdJtDHBkZH39Hmgwiw:CXbzrzfUsUGS6A/ETJtHBYNG1iw
                                                                                                                                                                                  MD5:1F2FB1BF463B2FF2BEC96784DEBFEF84
                                                                                                                                                                                  SHA1:AE6F721AD937FE39F86602F71002435B18BF1EDD
                                                                                                                                                                                  SHA-256:7E6B0D9EA7FDA1B5CA7A0B01290521DFF943DA4CBF1498412CA7D749DB42C32D
                                                                                                                                                                                  SHA-512:0C92C4F75E620D0B636CFD83E89C69A44F6A96A00006FBD0B13637BA5DCC77C9B302029E62F4B80766811F31810F9C20AC1A98B65C38789951CA0E19A5BB6894
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exe
                                                                                                                                                                                  File Type:PNG image data, 120 x 120, 8-bit gray+alpha, non-interlaced
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):1425
                                                                                                                                                                                  Entropy (8bit):7.721284228612739
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:24:sRv0SxfL9UEp3g4/RjUG894TBRVPvhjfghucgXy2nRlWzIXQuohMU9ocyMDh:sRv0sq4/tU10XVPZjhy0Izy9srWcyUh
                                                                                                                                                                                  MD5:17471BB63ED62A6E545B6B626A763511
                                                                                                                                                                                  SHA1:586B9EFDE7B3A04580A49F8FE7739593D42D303E
                                                                                                                                                                                  SHA-256:DFD1054F989CDEE25F19EA792F363F042A125CAB537A424F0224BBEE13607E39
                                                                                                                                                                                  SHA-512:F619D963B62EDB07C8077C3C6AE60ED8D3F3DD5BB1D05A2B83DCA1A7A4A346598B055F6C7EA22E05BF281B1DE0F205F5D1054819000759D9450EE1FE8F6491AE
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exe
                                                                                                                                                                                  File Type:PNG image data, 70 x 70, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):1564
                                                                                                                                                                                  Entropy (8bit):7.78686155071436
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:24:kO3Sxd5HLMZAoBjXkaBPxrX6hzB6eCvTYJSM2nY2YptQ/ceAV5ulBbYZwix2:MLLMWcV2z8nryWY2SDV5uPsqiw
                                                                                                                                                                                  MD5:C3722E0232EC20AC8F99CCE7A040B294
                                                                                                                                                                                  SHA1:91CA47DA87EC045ED3EF5D97243167F08FB9E10B
                                                                                                                                                                                  SHA-256:A333D7E4293F5269426B3FCB673A284F3708A66F957DE62403B6570B24BAE8F5
                                                                                                                                                                                  SHA-512:71940B8431E36307BA5176939A169B9259BB6B43C32529A10A12C5EA31447BDDCCAD7EB9EF7CB309B175EE7BD56E70926BD5AA0855D0FD9497547ECD7FF93158
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exe
                                                                                                                                                                                  File Type:PNG image data, 70 x 70, 8-bit gray+alpha, non-interlaced
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):1341
                                                                                                                                                                                  Entropy (8bit):7.829707677562043
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:24:vHNfCYvjHq3yow73tnF7H1r8IR07iBa/ptAFjLmocqM3LNpi+MaG9vz:vHsY7Hq3QzT7H1r8Wr0/zAxfyLNp1Pab
                                                                                                                                                                                  MD5:504D80D276ADCC0163A8E4720013F9E7
                                                                                                                                                                                  SHA1:6D34A0593FFCE916CD19B66D61004FD7E7EB2CD1
                                                                                                                                                                                  SHA-256:EBBE0B4761EA8968A0A3FAFB383AC7AE175E98CD31A0F41BDF5FCB43469B58EC
                                                                                                                                                                                  SHA-512:9961259704FF97C0E1899A33259F62155B73264E272064F3FA90E64124513C7C8BD6AB69A39C1EFB271ECC2972AB8FD86FB836F22153A9BB35419C3816D11337
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exe
                                                                                                                                                                                  File Type:PNG image data, 98 x 98, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):2005
                                                                                                                                                                                  Entropy (8bit):7.837796638299837
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:48:FtyHJuovwDhlXRvUCvqfPAuwdESKbtU04aQkClnRU8lbPxbsFIV4hEIA:FtygGwDhlX1oHO4KwCAQ9MEIA
                                                                                                                                                                                  MD5:667BFBAAEB2D2B372B6E0D4BF4992CE4
                                                                                                                                                                                  SHA1:4C6C2E07183963F59391945FBEE077B55F8F6B2A
                                                                                                                                                                                  SHA-256:207519F1C7B6C7509BFEB7B55724997EEC6456C8BAF55E882E72FC5CD43DA221
                                                                                                                                                                                  SHA-512:AC63A3DD2F6088E7849E3824C35FD58CA78EC77DC31E1F6CBD47DE7CC394318CBA7D2309912206A94180267BE057C2AF5C835424019E2A03EE33A2AB801BA9A4
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exe
                                                                                                                                                                                  File Type:PNG image data, 98 x 98, 8-bit gray+alpha, non-interlaced
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):1697
                                                                                                                                                                                  Entropy (8bit):7.76630495035972
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:48:TyhJvOYkuSoLYIWawZM7SkzaacHxXgr4RzhQpKP7C:6JWiEIOuWkCxCSzhQpCC
                                                                                                                                                                                  MD5:93223E8777B581E988B703DF82593B17
                                                                                                                                                                                  SHA1:40A035464C27041CCC87C7935C45100D93D1C948
                                                                                                                                                                                  SHA-256:464AFAF960C32ABDC2C3937A48BF14C5D1A819B017E719FDED591D43A65D94C4
                                                                                                                                                                                  SHA-512:B8A3EE4A71E609625EAB51F0F6DAFCC82CC47BA2C567CC8BF73CF6423056F9171276289BFDCC8428B7C07645097664065EE9B0B78874425BFF800178222FED12
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exe
                                                                                                                                                                                  File Type:PNG image data, 126 x 126, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):2699
                                                                                                                                                                                  Entropy (8bit):7.8799233652993115
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:48:Is+9LgA+9fj19UhKwdgrviOztr/CrWbqCLRTFxFCEEgq0Ol81sqAGz:IlSN1gBTOztr/jbzdh1y0wl1+
                                                                                                                                                                                  MD5:704D0A2693B350E7C463B0FF2143835B
                                                                                                                                                                                  SHA1:0313AD4C3690A590AC54552D2C27806E73776600
                                                                                                                                                                                  SHA-256:D6367DBC074E37F3488C26B0BAD229BFE99F5C6BB0E28D37B41906C436152B57
                                                                                                                                                                                  SHA-512:4517B2FA911149885EC5549F3173D3C774716740826873E4B2199C804B17E776A5296565930E5ACDB8D5476710A391B21E6DA8941DF64C525A487DB4619A1EA7
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exe
                                                                                                                                                                                  File Type:PNG image data, 126 x 126, 8-bit gray+alpha, non-interlaced
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):2334
                                                                                                                                                                                  Entropy (8bit):7.8839656878677005
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:48:W/zeI9zj1u/VwgVNR+vEgxOfU99BpcZlp9uqRhq4eZDU0BMK:W/zn51gxN4RxH9hUlpkAMt/BT
                                                                                                                                                                                  MD5:39E2FCF13C20103C5F449C06D3A4CF75
                                                                                                                                                                                  SHA1:AE8E1BCE2BE17ED450D891864E6AA22642AF39AC
                                                                                                                                                                                  SHA-256:5D46E4056F3915C279F1FA9EDF61D93529FBCAE5C59D616380EC5D9405B7763D
                                                                                                                                                                                  SHA-512:8E4902262B064008804D49D1B5F27BB7B8F33ECEFB05181AA69534E1D21662719DD4F8E0677C58215F6C5CA9EB4FB92FCA54A89F9720230AFBF06A70216ABF26
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exe
                                                                                                                                                                                  File Type:PNG image data, 56 x 56, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):1096
                                                                                                                                                                                  Entropy (8bit):7.755097954664401
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:24:TDh4JYYFMId219dZt07Zcglb4iS/cFEAAabL3/006Fs:B4JBMPVEbCe/006Fs
                                                                                                                                                                                  MD5:32D3E390613CDDBD639E70DDB2511AC0
                                                                                                                                                                                  SHA1:C96AC088E72D756F31896B16776EF100379F802C
                                                                                                                                                                                  SHA-256:DC20E5AA2B500CD5B5C9F89647D3487810685C94268F22678E27820E2454BB3E
                                                                                                                                                                                  SHA-512:7381CEB8FEE84F398082177F30DC01593BEEFA729C73B0166AF686BCD25D54312B202D9243834B754769DE41E9A1DEED74CA91A76DCDA918A749CDB4F08C124B
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exe
                                                                                                                                                                                  File Type:PNG image data, 56 x 56, 8-bit gray+alpha, non-interlaced
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):901
                                                                                                                                                                                  Entropy (8bit):7.682141855410327
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:24:x2BZqWXRHKkqILfEDtySHnb98XPA8KWstHNMufZ4jJO2C:xZQEC8BywBmPAGpC4jJa
                                                                                                                                                                                  MD5:E6ADD5AFC73F7B06FC2348550595F8D6
                                                                                                                                                                                  SHA1:4D658BDDB93FA6CB423EBC61BD20DB37E4D37DB6
                                                                                                                                                                                  SHA-256:DD6F46D32C3E235508F9E4C7D7F993BD807D955BCA7E63CF3D57C6C4C102F46D
                                                                                                                                                                                  SHA-512:55437DFEA7F68A4572DFC86B5428CBE9DB86C0D32D0B09BA6B7B1CF8E49E5F1BB94285BBDC97D8EE00D70BA75921DB59644787C1BE1672FE37CEE09441F249B6
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exe
                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):485344
                                                                                                                                                                                  Entropy (8bit):5.205582677943175
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:6144:plTZkQQzVVTgmAffw5QTzL6+75I+qZojZdz:pzkQQzVVTgmAffMQTjO+xP
                                                                                                                                                                                  MD5:C96BDDD32F87687C1C941F104BC2D2CA
                                                                                                                                                                                  SHA1:B6B34184F3F8184AD1388F8EA2B6909A412516D4
                                                                                                                                                                                  SHA-256:31A6BB7059CED338295B6243133D008795ED055D0B631F227247E44C5C06CA48
                                                                                                                                                                                  SHA-512:16DDA22CDC96305F19D98D9A309772281A88367195B7B324F36CAC5D12BE6FF7F9C3407F5D68C5E16A2A06D2A092750119E90BCA9F9B57F6AD4BA0029A0B0F86
                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exe
                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):238
                                                                                                                                                                                  Entropy (8bit):4.824253848576346
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:6:v5975JVSS18iMkh26VlcmutLwyAGI/zj//gQNMC:Bbt18l+LlMLqGU/gQNMC
                                                                                                                                                                                  MD5:442699C95B20A60470421C6A4D29960F
                                                                                                                                                                                  SHA1:C7317F2D2414C991C21205BA3C68A187B997E3C1
                                                                                                                                                                                  SHA-256:44844CF3DDE6E80087AE0E6BF0D9326D7EF7D23326D24AC83AF0850BE26923D2
                                                                                                                                                                                  SHA-512:C89CF089F7FEEB80C6DED11F1FCE84287ABE8216A6E05723D1A7FAF567C501C043CD1246FF8DBEE1240D2D79C41B698EF4CC3459589E68E5BFC5BED7FC3A150B
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                  Preview:{. "name": "MEI Preload", . "icons": {}, . "version": "1.0.7.1652906823", . "manifest_version": 2, . "update_url": "https://clients2.google.com/service/update2/crx", . "description": "Contains preloaded data for Media Engagement".}.
                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exe
                                                                                                                                                                                  File Type:data
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):8254
                                                                                                                                                                                  Entropy (8bit):6.795641289553097
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:192:bTOpyeS7AOv6EVp/m3FPKk15jjKVcOmQppXavFbeLfzrLyp:bTOk7AdEugo5jjK+5QppXaBebzrLyp
                                                                                                                                                                                  MD5:D5E4C2634EFF8A9B3FAF432BF406D6D1
                                                                                                                                                                                  SHA1:A691F5C9877079193C1F7DFB16DBC30BB0372EC9
                                                                                                                                                                                  SHA-256:C6070A157B4E28D16FBCCBD233E93846DDB070C85E1A1BC64469B7A5F1424FAD
                                                                                                                                                                                  SHA-512:B264E28AC8F111DF01C553445AADC7BCDB3F32A38A1A19D3F9D458270DFEAF80EFA7144407BD999892022AF9DDE9DBF8A0E19E7212720E1C6511EA9125AFB166
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exe
                                                                                                                                                                                  File Type:data
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):3072
                                                                                                                                                                                  Entropy (8bit):3.118957212117411
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:48:Whs+6rek/gF1A6Gbi+4eTy8iPTUucUITUuqQTUGUQTUsITU6UQTUQITUuUQTU0I0:WWnep/FFLxPoRJo+oGpoBo6po1oupop0
                                                                                                                                                                                  MD5:400817D0A91767CB830767AA94383F31
                                                                                                                                                                                  SHA1:73F36C895190223F94E4D52657F14454B2BCBA44
                                                                                                                                                                                  SHA-256:35D92C86C1C054D1C03F4E58B83681BBFD8573143EE5E4CFB4CBD788A1FFC107
                                                                                                                                                                                  SHA-512:2216DFC65E24961A18A4622FF6D8D8A1330283E64477A0E44BAC5B8F9A4CB5690FC90F598BBC152214EE6AA8770FE6608C4C809EC6F2CC73547D8166603B3E15
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exe
                                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):2975648
                                                                                                                                                                                  Entropy (8bit):7.995833280717432
                                                                                                                                                                                  Encrypted:true
                                                                                                                                                                                  SSDEEP:49152:PpDH40urxwmLqFP3S8ytVJvYmp3UPdJPuPswCoUpBJmJUpjwyux:Pp40u7iq8y1Aa3UPemJmypjwZ
                                                                                                                                                                                  MD5:5265EA7650B71CEA4E44E8AE0C3F9B8E
                                                                                                                                                                                  SHA1:7370E500D66DF6E4EEB55F3924EA41D845DA0FD4
                                                                                                                                                                                  SHA-256:622AD5D483EF31A21EEFDCA421C5B49E09EFF43ED83F46803A19A45A4694E23C
                                                                                                                                                                                  SHA-512:52B21AC5DE93E43FBFB0D116EDECC2CD01615F79D85E9BFC8D7049EB726CA22369A857B2FC317729B918DC40D9C3945C051510530187A3BD679E7D1CAB5BEA46
                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exe
                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):4927400
                                                                                                                                                                                  Entropy (8bit):6.402939366843168
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:49152:BCZnRO4XyM53Rkq4ypQqdoRpmruVNYvkaRwvhiD0N+YEzI4og/RfzHLeHTRhFRNS:IG2QCwmHPnog/pzHAo/A6z
                                                                                                                                                                                  MD5:16D7A60E45ECEA0A9C09D31BB860C8DF
                                                                                                                                                                                  SHA1:FF1102004A569166961DE5F7F96F68C9A766717A
                                                                                                                                                                                  SHA-256:F79358C6ADFD156CB2A621DC0826EAE5E0E34F75C4B3BECC88070D4921F4BB56
                                                                                                                                                                                  SHA-512:3AE19D410C6083B40C0FADA3FED6DCC3E784ABDE8289951290D27A652214C3E3D3FC342B88600D60AF16F281A67129CCEFB87FCF26E5083D785BEA6C65540CD5
                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exe
                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):21676960
                                                                                                                                                                                  Entropy (8bit):6.537117787581431
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:393216:AYZikEW54N1l/xEqqSsajxV+mdMqoO2aKzbryMPqS:AXLFrG1aK3ryMz
                                                                                                                                                                                  MD5:1139B1137E42B8151D9B5D1DAE5C06A6
                                                                                                                                                                                  SHA1:A152CAD5103B30D0A44782EA5918793D46AD6664
                                                                                                                                                                                  SHA-256:6DE9CF45C960EFF38F0672CD9998EA00644B54717A93B1F1C1FB894D90727A55
                                                                                                                                                                                  SHA-512:F3053B63AA78DE7E8F1EDA02B4FFC92885966D8ADD2D58C20B284D396CAB1BAA72DAE5B3830CB19E567B8E70563C09516F9600AE20A439EA38102452AE9D0115
                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exe
                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):1519000
                                                                                                                                                                                  Entropy (8bit):6.516141360369862
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:24576:VCfhbh3v3mtZDiAQeWj26k41ob2nrZ1rqpegQDJqoZtp22GkmgA9u808jQPEdkrG:VCfhbh3v3mtEAQrW41obCraeRhy9ou68
                                                                                                                                                                                  MD5:4F9BD56CCA7D2D3E1597B878A282D096
                                                                                                                                                                                  SHA1:BE38C9277295D000CF6885BA8E83E6117280DBB4
                                                                                                                                                                                  SHA-256:81FE8878F1F21EEB7311C421B2A6D4E1A574AC8795A439888E7C5EA939171943
                                                                                                                                                                                  SHA-512:189115304C588EC8C369BC3480FFF23FA358661ADAF89F6EDEA3125C7DF99913F1DB8CF22BDC41E33A5CBD7C4A086664F45421AE3FF671AAA335A9924637D8A5
                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exe
                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):3699
                                                                                                                                                                                  Entropy (8bit):5.219994817076452
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:48:ZIlvE3eCPTuqaeDCOLIG4AUsKyIYKJhNewb059RVtZtDGSVRScScSuS0rgB6D:ZIyTf85XZyITJhowbO7VtiORFnbwU
                                                                                                                                                                                  MD5:564DD1BE525B0C94E488CAF6CD945B33
                                                                                                                                                                                  SHA1:5183DE6D8A636998A77332C52558FBC038CFCEC2
                                                                                                                                                                                  SHA-256:1A5D4A7A16BE41F567CC4E13E7E355887EE486F72280C56BA3BF0E59F41EFDC0
                                                                                                                                                                                  SHA-512:15369F5D5BEEE18536576EB38F60F0B97F197DD5E1CDC0F5B0D29DB28F156850BEEB72B72C7C0109AF8EF59249AF0050A43F1F584F49D152F474805347AFB336
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                  Preview:106.0.4998.74.manifest..CUESDK.x64_2017.dll..MEIPreload\manifest.json..MEIPreload\preloaded_data.pb..d3dcompiler_47.dll..dxcompiler.dll..dxil.dll..headless_command_resources.pak..headless_lib_data.pak..headless_lib_strings.pak..icudtl.dat..installer.exe..libEGL.dll..libGLESv2.dll..localization\bg.pak..localization\bn.pak..localization\ca.pak..localization\cs.pak..localization\da.pak..localization\de.pak..localization\el.pak..localization\en-GB.pak..localization\en-US.pak..localization\es-419.pak..localization\es.pak..localization\fi.pak..localization\fil.pak..localization\fr.pak..localization\hi.pak..localization\hr.pak..localization\hu.pak..localization\id.pak..localization\it.pak..localization\ja.pak..localization\ko.pak..localization\lt.pak..localization\lv.pak..localization\ms.pak..localization\nb.pak..localization\nl.pak..localization\pl.pak..localization\pt-BR.pak..localization\pt-PT.pak..localization\ro.pak..localization\ru.pak..localization\sk.pak..localization\sr.pak..localiza
                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Programs\Opera GX\106.0.4998.74\installer.exe
                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):3699
                                                                                                                                                                                  Entropy (8bit):5.219994817076452
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:48:ZIlvE3eCPTuqaeDCOLIG4AUsKyIYKJhNewb059RVtZtDGSVRScScSuS0rgB6D:ZIyTf85XZyITJhowbO7VtiORFnbwU
                                                                                                                                                                                  MD5:564DD1BE525B0C94E488CAF6CD945B33
                                                                                                                                                                                  SHA1:5183DE6D8A636998A77332C52558FBC038CFCEC2
                                                                                                                                                                                  SHA-256:1A5D4A7A16BE41F567CC4E13E7E355887EE486F72280C56BA3BF0E59F41EFDC0
                                                                                                                                                                                  SHA-512:15369F5D5BEEE18536576EB38F60F0B97F197DD5E1CDC0F5B0D29DB28F156850BEEB72B72C7C0109AF8EF59249AF0050A43F1F584F49D152F474805347AFB336
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                  Preview:106.0.4998.74.manifest..CUESDK.x64_2017.dll..MEIPreload\manifest.json..MEIPreload\preloaded_data.pb..d3dcompiler_47.dll..dxcompiler.dll..dxil.dll..headless_command_resources.pak..headless_lib_data.pak..headless_lib_strings.pak..icudtl.dat..installer.exe..libEGL.dll..libGLESv2.dll..localization\bg.pak..localization\bn.pak..localization\ca.pak..localization\cs.pak..localization\da.pak..localization\de.pak..localization\el.pak..localization\en-GB.pak..localization\en-US.pak..localization\es-419.pak..localization\es.pak..localization\fi.pak..localization\fil.pak..localization\fr.pak..localization\hi.pak..localization\hr.pak..localization\hu.pak..localization\id.pak..localization\it.pak..localization\ja.pak..localization\ko.pak..localization\lt.pak..localization\lv.pak..localization\ms.pak..localization\nb.pak..localization\nl.pak..localization\pl.pak..localization\pt-BR.pak..localization\pt-PT.pak..localization\ro.pak..localization\ru.pak..localization\sk.pak..localization\sr.pak..localiza
                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exe
                                                                                                                                                                                  File Type:data
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):2874
                                                                                                                                                                                  Entropy (8bit):7.929554105128607
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:48:AAlAoYTpMRk3l4C9A+mVNJwTHTsf6vGpXEG9tqPrGBjTDn0owubFfa8yyHZda8Ff:fcTSRo2bNJeTsfWaGPrG50onlaQdaOQG
                                                                                                                                                                                  MD5:C804FF6690145A181A4F444DF0FFDF31
                                                                                                                                                                                  SHA1:03A873D07E7C75B604903459E3400CC8DD8E05C9
                                                                                                                                                                                  SHA-256:E5FF4FDB0367F89E030CDC1CCAAC4B848490EB7F64EEBD38A37C2BFEA61498EE
                                                                                                                                                                                  SHA-512:EE8397C7BAFC4ACC27F033A5F3742BD0F37DDC46D439B8E42B2849A623A5F41D8810DE79FACF53341D272A4562D6FD385725E629285DEBEA51B2F4AA2915D731
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exe
                                                                                                                                                                                  File Type:data
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):962251
                                                                                                                                                                                  Entropy (8bit):7.975901301978194
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:24576:VPVVG7Hq0cFDAh1y+cBpoO0TOcu/zNItYDCpD:VPG7HEZpDBKOcaBDQ
                                                                                                                                                                                  MD5:9CC5EF3D1B7D1446CC4B9683001E97EF
                                                                                                                                                                                  SHA1:E57A05B3A2DFDBE81B63990553371F9C17C82251
                                                                                                                                                                                  SHA-256:BA704D469107F14A6C34B6BC853707BAFD22BF908F8BB28252B777F02B6F3805
                                                                                                                                                                                  SHA-512:46A2B3E22DC14F5D126373E8A42D87F06C52583DD98A59C0E2D07F3DECA535F0FBBDCED2593A8BD15772AC87176E14AC42BE6372C93351FD29BDE9526CAFCBDD
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exe
                                                                                                                                                                                  File Type:data
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):3121305
                                                                                                                                                                                  Entropy (8bit):7.980222567949498
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:49152:LubwHD8J031/Lrwz3WBChxQx4isCeXOGEmUP9gOgpBH47xxnCEa3uFlrTPcauJif:abwHgu31/LrwrWB+Qc8mTHWCF3UlfPcm
                                                                                                                                                                                  MD5:8FDE8D26BBD02385CB63FB986FAD0873
                                                                                                                                                                                  SHA1:66B9EB7B4D0A5E021FEA075ED557465C85796362
                                                                                                                                                                                  SHA-256:2253B6E7409AB4B06026352B4496CA9964DDA800445303DFC040F0F131E054D1
                                                                                                                                                                                  SHA-512:36971DB4A4EC602D19E7CAE900DAA8FD648BF600EFB64B2845D8AA8C294AE64709393C21E72993BFE6B0A7E5C3A53131574BB2E4D3FFC7C548AA94112A895220
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exe
                                                                                                                                                                                  File Type:data
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):10750576
                                                                                                                                                                                  Entropy (8bit):6.281341985010261
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:196608:oQPBhORiuQwCliXUxbblHa93Whli6ZU6WOH:oMwkDliXUxbblHa93Whli6ZkI
                                                                                                                                                                                  MD5:5784C2B7CA4736D45F771838D3DDA6E2
                                                                                                                                                                                  SHA1:82A1CD2E1221044773ADDF27A32575DF6C06ADF1
                                                                                                                                                                                  SHA-256:3A04D42D8C3149F2FC9350A16BDF2354FDDA46D68E3BA1ACE727E6DA2D98D17B
                                                                                                                                                                                  SHA-512:5E465A22EA41658A9A910FDBCE276E805A2D6FD4D042750E96F3AB95A5C92C5EEAA76A160F745AA66B44AB8EB3FCC37FCFE5907AE19E16EE2FBB2C10CB82104B
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                  Preview:...'........CmnD........ Copyright (C) 2016 and later: Unicode, Inc. and others. License & terms of use: http://www.unicode.org/copyright.html ......F......,F...0..?F...1..RF...1..bF...9..uF...9...F...j...F..0k...F...k...F.......F.......F..0....F.......G......G......+G......>G..`...QG......dG..p...wG......G.......G.......G.. ....G.......G..@....G..0....G.......H..@..."H......5H......HH......[H.. ...nH.......H.......H..0....H.......H..@....H.......H.......H..@....I.......I......%I..0...8I......MI......eI..@...zI.......I.......I..0....I.......I.......I..0....I.......I.......J...3..$J..`3..7J...3..GJ...g..ZJ...h..mJ..Pk..}J...k...J...k...J...M...J.......J...$'..J...0'..K..01'.+K.. 8'.EK..p8'.\K...@'.sK...A'..K..@F'..K...H'..K.. K'..K...X'..K....(..L....(.$L....).=L....).\L...Y*.~L....*..L.. -+..L....+..L....+..M...W,.7M..@.,.NM..0.,.lM....,..M....,..M....,..M....-..M..`g-..M...h-..N...T/..N.. ./.>N..p.0.UN....0.qN....0..N....0..N..P.0..N....0..N.. /0..N..p/0..N.../0..N...[0..O..@\0.$O..
                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exe
                                                                                                                                                                                  File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):6896544
                                                                                                                                                                                  Entropy (8bit):6.821344034536639
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:98304:O++972SpVr5NHmjfFqy/ce50CD2UdjnMSrn2vTd:d+972ml5NH1HeqCbKs2h
                                                                                                                                                                                  MD5:38CA4FA9A427D35D0F3229E784ABACD8
                                                                                                                                                                                  SHA1:3585E728245C0CFB43B407A7EB12EE3D304E4FF4
                                                                                                                                                                                  SHA-256:97BAEAD81C48262E357C4F9699401793DB88535B482D086568C5C4677A3D5143
                                                                                                                                                                                  SHA-512:A13B0909EF72E03C8067F716ACBE97699B6BD05DA358852DD315FCD2317EC365154B7269D178A19E4BE01D4DDC6DDC319546F0F28287CB8480E2775EDFB98701
                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exe
                                                                                                                                                                                  File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):613280
                                                                                                                                                                                  Entropy (8bit):6.219566766958555
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:6144:hK1lTTI1REJl5n+Vak4i1lE+NkloonNSkd7NRN6EH8+nXeXooh8rP6UGz4gnq:E1D9kakF1lE+NqNbpRNukXKooWpGDnq
                                                                                                                                                                                  MD5:8C993870769665AAB5619C9C1EED78FB
                                                                                                                                                                                  SHA1:C3DFEEE609DDCE14CE243367F75D0567D5BA283E
                                                                                                                                                                                  SHA-256:32CDCAF6C2AC01C0EB02A684B02DC347F8BD0E672D727D6C1E1C32B4393023F6
                                                                                                                                                                                  SHA-512:196F7C80AA46247C0C1E7A53D848E96E41F39E133BB1A10FE080CB1AE3977ED706B33DEEE13AFF90A42D38E0D0DAB5B85D6D6631CE63C73261C168AFDD6425BA
                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exe
                                                                                                                                                                                  File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):2294176
                                                                                                                                                                                  Entropy (8bit):6.471339679882766
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:49152:EiOsyw8HMIc9BnsKgma2BbvosRMs1ONZlV:ZO4BsKgfIvosS3
                                                                                                                                                                                  MD5:C76F1E24C27D10347C3851ED2B7767C4
                                                                                                                                                                                  SHA1:42DF4C074792F81ACFD0487ED83BA42E69EA9122
                                                                                                                                                                                  SHA-256:85FCAFA1AFA1DF27CE6A79886FE1596BCA1BE5F4813808124C96EA088BAF11FE
                                                                                                                                                                                  SHA-512:2B3E8DF573381AA9482AB4B0347E716919A4AE03B1DA96F21C35B38E222A5EFD2F05C418B979614BD555693097CA15F0AB4BBA828BDA78FE9F90E7EB67917CB0
                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Programs\Opera GX\106.0.4998.74\installer.exe
                                                                                                                                                                                  File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):2294176
                                                                                                                                                                                  Entropy (8bit):6.471339679882766
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:49152:EiOsyw8HMIc9BnsKgma2BbvosRMs1ONZlV:ZO4BsKgfIvosS3
                                                                                                                                                                                  MD5:C76F1E24C27D10347C3851ED2B7767C4
                                                                                                                                                                                  SHA1:42DF4C074792F81ACFD0487ED83BA42E69EA9122
                                                                                                                                                                                  SHA-256:85FCAFA1AFA1DF27CE6A79886FE1596BCA1BE5F4813808124C96EA088BAF11FE
                                                                                                                                                                                  SHA-512:2B3E8DF573381AA9482AB4B0347E716919A4AE03B1DA96F21C35B38E222A5EFD2F05C418B979614BD555693097CA15F0AB4BBA828BDA78FE9F90E7EB67917CB0
                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exe
                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):317
                                                                                                                                                                                  Entropy (8bit):4.996593526126476
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:6:ejHyaVic4subiL/bWHMjizddDhkQwYZXXKmJfFmkQwYEbghuPYEpwhugVFQ:eF8iDbWHMjizd2O/fbrghuP5whuQFQ
                                                                                                                                                                                  MD5:E8D8EAA4C2826C083AB9243B5CBD7BF8
                                                                                                                                                                                  SHA1:534361AE03417DFD14EBD6F961B707C75A2AF41A
                                                                                                                                                                                  SHA-256:B3213B07F691C812425115428B9D6E0637D488159E0A1C160C8FA8F04DED11F6
                                                                                                                                                                                  SHA-512:8ECCD5EF54A73E915A39CDEF9768837DD16E49AE27A3AE6428FB346C9C838FD9DBEDC3F40A9094754C770CA2236A0D2DFDE37D22289218D862AF5E8BC15E85E5
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                  Preview:<Application xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">. <VisualElements. BackgroundColor="#06030D". ShowNameOnSquare150x150Logo="on". ForegroundText="light". Square150x150Logo="Assets\150x150Logo.png". Square70x70Logo="Assets\70x70Logo.png". />.</Application>
                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exe
                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):480160
                                                                                                                                                                                  Entropy (8bit):6.40242761130664
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:6144:LVmesvX6ZsNBhoEJqfpIkNYygga04BcKRebwLM:cZv6ZmBhoEJWln54BvY
                                                                                                                                                                                  MD5:3ACC473E0D0AC70CE8E9FBB35D92B86D
                                                                                                                                                                                  SHA1:D576A67EC2E71EE73E0548FB76CECF798BFA34E5
                                                                                                                                                                                  SHA-256:38973A7ACC72AB08106B7F106630ADFF9B422A3F3E29775DFECDAA1237A45B14
                                                                                                                                                                                  SHA-512:B59F6CB29368D7964285959314CAC4BB5706AFD2EB5C5D08DBF92F3B294D990AE37ED7FA128B231A76805D4C3397025BD950B2D2B48A62EA41D80C16CD3523F8
                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exe
                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):7785376
                                                                                                                                                                                  Entropy (8bit):6.490783624840005
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:98304:7FYqwEz5PNrTVMt9UuM9n9/mZ2xaRIerK0o5xy+YXm3sqV:7FN7tUt9UXQRIRylCsm
                                                                                                                                                                                  MD5:C903757B89C2852C46AEF7E040792391
                                                                                                                                                                                  SHA1:76C84F8C7CED56EDB64F990FCBA1B07ABF249BCA
                                                                                                                                                                                  SHA-256:15990BC469C23264D4FE08717894CE4998E62ACD8869D3AF4162304ED9E6CA09
                                                                                                                                                                                  SHA-512:710F9E71D6FBD4DF1819B5C207FEDE3A84699AFA5BBB794289F55A2B879142D1664B5679F6ECDAD99239577C8FB57E81E7CC3AED2071815EB75DE4CE42F12AF1
                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exe
                                                                                                                                                                                  File Type:data
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):804211
                                                                                                                                                                                  Entropy (8bit):4.786533013572949
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:24576:VAdW1ZRh3QWnN/fhIWIu6g2HK2zxMfvYvdAs1aEUiVbZ7q3lNKVDxL0s3ySCH0Rp:edBWnFIlK2zxMfvYjUiVbZqzKVDxL0sv
                                                                                                                                                                                  MD5:6473CEEA755B8DE138BC6B62811DFEEC
                                                                                                                                                                                  SHA1:56A6C77A06708C1BB42FA20A685A738A440B8E85
                                                                                                                                                                                  SHA-256:62ACE5BBE86926657387ADDF4396E2447E22B6B319A8B3E0C3B31B88A0085924
                                                                                                                                                                                  SHA-512:5C3374265D389AE55457479E68A9F02987A230F2C6542C9C155546EB13634D42ABD8CF98460E8D9F6989326D6D28D89FECB3207259B1543B047D54C280842234
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exe
                                                                                                                                                                                  File Type:data
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):1032955
                                                                                                                                                                                  Entropy (8bit):4.376919270271039
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:3072:IseJ9J++6Ojrk1gtrxq21aRGiH19OFbBTFW1+1slRjnM:3eJ9Y7DOF1uCbNFhGk
                                                                                                                                                                                  MD5:E59A4AE01F2609DFAD3178AF753E8388
                                                                                                                                                                                  SHA1:70E60F97A2FD9393C39D64C7451F7585369E0235
                                                                                                                                                                                  SHA-256:6004A37537E5D7A3E63D6631F2C02C0907A615451F2851F28351E805A4717452
                                                                                                                                                                                  SHA-512:6429D85BB60A29E329C52AFEB5356DF9CD0079354B5BBE77D8964D943E1E1839376A21E29FC592F72B68FE3071D542EBF8BADD5AA0FE80B7A17CECE2535C9308
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exe
                                                                                                                                                                                  File Type:data
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):509235
                                                                                                                                                                                  Entropy (8bit):5.4339629194385095
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:12288:YPIQ8yz7Y6ybGbf1bCCrz+W58riURkcvKOl3nRWg+O5F5ibSFRoCQrGy4SHN1e92:Ygp8U/V5nRrXk2g0tjPeX
                                                                                                                                                                                  MD5:0580D2114A505397B0CEF4FAF1CE9062
                                                                                                                                                                                  SHA1:B3C199E399B851FE2ABC397E3717B1E3909B56A2
                                                                                                                                                                                  SHA-256:375400C9F8673228FD141E9D7AB970BCCD752E01E46A5B8170E1439B3ECEF120
                                                                                                                                                                                  SHA-512:67F822CF631C08961953D638AAE1C010D66C473A647885AB1E6245A88F865AE1DD29BB1111166A55F699C611224F7E5F663DDF1010D750C2B4068559E8198347
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exe
                                                                                                                                                                                  File Type:data
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):502673
                                                                                                                                                                                  Entropy (8bit):5.866616725282955
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:6144:4gMkdlsM/TOimzetrNOBs8SBB8QKssA1JjbiLqvv4OT:4gddls+DmzetrNO68SnrH
                                                                                                                                                                                  MD5:86054BF4C6429599BCEA1A0E794CCAE7
                                                                                                                                                                                  SHA1:4BDD15B9CA09EE20FE7C76F3BD229130A265B4FD
                                                                                                                                                                                  SHA-256:F1E24FB55ABBB7A01AFF4C2A5AE151701A05EE40235FB8ECDAA3D12AB1BFC34A
                                                                                                                                                                                  SHA-512:C5568019B9BC48DC864B506724BB43DEFF50F62E91093AFC534239261164BC8590B75430CF44CABC0376C7998ED94F52F63588FEDC4B28D8F13675FCBBE50368
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exe
                                                                                                                                                                                  File Type:data
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):466623
                                                                                                                                                                                  Entropy (8bit):5.497729824929994
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:6144:pPqY+H12lHXZRwzVW4FsMhL+s0d46RGwPwmzZhNqENiQ3pqj7N7DecFsppK0lpB4:tYH181MhuR77qENiWKFK9TB4
                                                                                                                                                                                  MD5:AA6980D61FD803D14F70AE552797CD68
                                                                                                                                                                                  SHA1:EDB00FC9E304D8C61920AB74B84BA2C5F280F599
                                                                                                                                                                                  SHA-256:234ABF4BA8682A26063D8107C3626979BDD3686B00E6A0E54089C2D5809E2875
                                                                                                                                                                                  SHA-512:63FCC92124C7AD4C4F1C401AED02667E3FAEB64FB3F6A8969AFAD747C5FC6624C0D7FD91398414B673BDCBC0B5BBB00614FB8076C7E04F6A46585AB96956CD6B
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exe
                                                                                                                                                                                  File Type:data
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):508744
                                                                                                                                                                                  Entropy (8bit):5.526111701363247
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:6144:4w8ABBbRsgWL93OUnz8Cxldz8bSuT3P94x1SmlmkVQiEmX:dZ5UoCxr8Tf9fz8X
                                                                                                                                                                                  MD5:D7DE72052ECF5DAA6103F19BF3942887
                                                                                                                                                                                  SHA1:F9F6AD8BEBF9EECED54A47F6CACBFACD805F86A5
                                                                                                                                                                                  SHA-256:B8067E58254CA6BE29A0839AF9A8409296517C8868815F1166711B9B9FA971F8
                                                                                                                                                                                  SHA-512:851C5F840AABC816FB4282F8DD935844A1C3744F988CBBE50A63C9A916BEB49C94EF29C072C842BCC0DEF70292168929BDC54781C7E1A720C669CD308FF3A920
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exe
                                                                                                                                                                                  File Type:data
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):869279
                                                                                                                                                                                  Entropy (8bit):4.877941125668382
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:24576:RWs01fjWCKb9wBZKD2x0EbvL7FMrX+mIeJdlmipqpWbIzK0Yt2cd9oM6zberOykm:Rb01fjWCKb9wBZKDFEbvL7FMrX+mIeJv
                                                                                                                                                                                  MD5:60D08DAE18FD40747887DE8F5ED564B8
                                                                                                                                                                                  SHA1:3D2BE8AEB79F50A494A0ECBCACE1A9798EEAA473
                                                                                                                                                                                  SHA-256:7BD6FB6D3F7CA1B6448D83ADC98910ADA9B3CE34F6871F11A1A5E6CC665A371E
                                                                                                                                                                                  SHA-512:50224E66DB5C451FA9C42A2F6E993B51F69CCA3B670B571CDDE5EC0F2768CF7B985663636B083A6A15282A5E5B742ED432CC87F4818DE84041436121EC42D4C7
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exe
                                                                                                                                                                                  File Type:data
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):410751
                                                                                                                                                                                  Entropy (8bit):5.554486356490802
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:6144:aXQq7qF/f4rkBc1Rz9zf0yvzaKgU46d92WRg:EP7qOrlrXn46lRg
                                                                                                                                                                                  MD5:7E80E58FC590DD49E1ADAA5FFC94303B
                                                                                                                                                                                  SHA1:3BB1075A93D4CD7D60D7DDECD573FACE4848BFD3
                                                                                                                                                                                  SHA-256:D8B7615CE7A44DF67C12F4B2C511695AA5705D00AF2A10D63615D68B2EE8FFE5
                                                                                                                                                                                  SHA-512:E3928C6DA1BAE5F87058CE585727410703E224607EA977A4FD486986CC4BF2EC579648B071B09E8B436E6D3749C5CF2AE86A94715559F8C116D29C6B44D8E5EC
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exe
                                                                                                                                                                                  File Type:data
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):413189
                                                                                                                                                                                  Entropy (8bit):5.552566492820274
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:6144:3xoXazA0EeHjErnngn/C3ZwiAbyvbBw5/26O9bUR6:3xoXBq4r5ZwBaG26PR6
                                                                                                                                                                                  MD5:606C30A8D35DA73F2C39B6699465C45B
                                                                                                                                                                                  SHA1:97BDAAE7FC9486352FFB25A62323F45BF8F5EA4B
                                                                                                                                                                                  SHA-256:C4C45E0DA2CEF56C79E32E678D5C8D33D14E4A8636CB82AED18D3424CC433699
                                                                                                                                                                                  SHA-512:37FD8635B236C9BDB8E422E32BB47D6CEA6F8C47B52FBB04D018AAA2717F0BAC9320928A217F6106C1E1034571864482D7EFB44951BCA560E5AE3222533169A9
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exe
                                                                                                                                                                                  File Type:data
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):497838
                                                                                                                                                                                  Entropy (8bit):5.407436827719351
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:6144:xrsmyRMOHlp70XvEXuHkd/Vfm+dJGGqYSlcoyEKG2BrpB3F9iB3KiI4:xA/RM6lpWvaum/5GcoyfYaid
                                                                                                                                                                                  MD5:E0731EE8CD647DB19BFD822D7FCB67A6
                                                                                                                                                                                  SHA1:EE63F1019F062AAE3B009F41B38462473DCD7F9D
                                                                                                                                                                                  SHA-256:11E649A8C5F030A70E979C7352ACB7F65B889377CE196037302EF47A832359A3
                                                                                                                                                                                  SHA-512:7CC423EB788D9F159B14D954FE5F4AACA9F9A21DFE2D665F9C3CF9D83FE1783B6B9B4677CE4596CA3C7CB960FCC9960E60F633B67F2ED5A1A18BFB62792D4A5F
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exe
                                                                                                                                                                                  File Type:data
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):494787
                                                                                                                                                                                  Entropy (8bit):5.3950461154341935
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:6144:8O7ajRykLs12SjsriKB7ev6PZZk8jOf19Xgc+JMLyOm+KnwzP1X7jHUo0WyE:80aj8Uii7eSw7ZLyU7jXnyE
                                                                                                                                                                                  MD5:70CC8ABA977446D14D4E911610F6CB0D
                                                                                                                                                                                  SHA1:465E6C14ED5CD6F3C23745395CD327F2182099A2
                                                                                                                                                                                  SHA-256:942621FF43034FC6310E3B097C3A08625D0B0DC16B7087CB327F10C85CCE0D64
                                                                                                                                                                                  SHA-512:3EEA1EE1DB3C980CB037F288EA589136F3828FFEF9E9F3B8C10D73551C40352CC0C5F69014A1933CF3F40B6ADB76DD219E6ACCA855B792536870C102075CD3A1
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exe
                                                                                                                                                                                  File Type:data
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):463392
                                                                                                                                                                                  Entropy (8bit):5.472777831938294
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:12288:PkZnG19CPf2IEqWaNT4YfXlplzvIViYHtYlVtyKXbUkc1JQ:P0D2PmudI1
                                                                                                                                                                                  MD5:1FA82B7C349BB552462B8DDCC1C516C2
                                                                                                                                                                                  SHA1:BCEBF029B0B7D82532398526BD2FFD61B8E3703A
                                                                                                                                                                                  SHA-256:070A9E08E7B31282619AA22EAA53DB053E9C5D7EFE26AA5A7ADFCCD304987066
                                                                                                                                                                                  SHA-512:3D567CB6CC18A9038AB41B5B6ADCFE1E65719344FD674D8964E34D5A9B079C580AF6B0E8FFE65A73E3B1818E34A2ED5FC4E642A60DC75C26524B8256D3BCF098
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exe
                                                                                                                                                                                  File Type:data
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):517013
                                                                                                                                                                                  Entropy (8bit):5.305512565004012
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:6144:OBiz3jmCmgogFpPVD5ZPvyLWCy/bK+fmX:5toWQWCyKBX
                                                                                                                                                                                  MD5:D6155A09459E3BDE17A61C33E3C02671
                                                                                                                                                                                  SHA1:0D4E4C2686C072D8788A0B6B19FB4B8244B179FD
                                                                                                                                                                                  SHA-256:BB91A553AEDD5724837C09EB2363AFD5790BC282402B50F91E069C2EEAD3B732
                                                                                                                                                                                  SHA-512:C0FDD197AA25150F4774068F7946C817F1AE61A13B0535F7F531251F9431B54E07CC58FB49F94726ED0E77E594034244F57F50D6C8C36064451A3430037817EB
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exe
                                                                                                                                                                                  File Type:data
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):528796
                                                                                                                                                                                  Entropy (8bit):5.429448798126092
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:12288:gO4U1B1h4HQLKpz2yxPgxPIHSWtTr/lNKZ/rMYnYbnBe3zZGAJgXJRCvB2gjSWWl:4LK8+GA+n
                                                                                                                                                                                  MD5:BD2E22400E811266BDC4033912E456C2
                                                                                                                                                                                  SHA1:06758D64BD65C47DBF5ABED28279AB4223ADF355
                                                                                                                                                                                  SHA-256:CDEAED60E590FEC735AE848C1C7F054146399DFF949D6209B3DB7C4150AE13D2
                                                                                                                                                                                  SHA-512:388F3C5EB7CEA69D772FF79A25E9D67586700716808963B0A9C3AF5B3F8F36A8678447282F4D90D9C4C973ADFB21177C801FC9C069EF48283C7049EA75F7891D
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exe
                                                                                                                                                                                  File Type:data
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):1060976
                                                                                                                                                                                  Entropy (8bit):4.405231340898169
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:3072:upcJGR03YAb9Ky0+NpTV/BB0ZV1d1EGZDS71exEWUu2bhtWi2V8nC5kb6AbWLgeS:upnR4YAxKEOwMLA8He
                                                                                                                                                                                  MD5:E8C9AAB233B99B6F644E073F272EF1B5
                                                                                                                                                                                  SHA1:346CEA2917FCF52BFA13EA1281F9AF0AB1C73627
                                                                                                                                                                                  SHA-256:B4AD8B7E076675CAE9E7D326BC38E540664D4DE1BC8487841658B364DA1B4DE0
                                                                                                                                                                                  SHA-512:3BA61F6EB7817E49E04BA86CFE12CB419EB18118539F66AEFC0585C2BC19B91E1DD26E7B7723955C64323860D643A1A077A20ED8D2002BE9A22297B1B06A1B0B
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exe
                                                                                                                                                                                  File Type:data
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):493647
                                                                                                                                                                                  Entropy (8bit):5.562173513123377
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:3072:suBLkZQV30FNNJA03DLxicP2aBV08LQfvBAGC7xuV9c3RqF7caDn3LWO5AHs1lBd:b+QVkTN93HxHXqAgcPqh0wg5ar8C0Tw
                                                                                                                                                                                  MD5:167E2468D8A4C53E8D32697F4911D8E4
                                                                                                                                                                                  SHA1:F2E39D8979AADE8FD12EC5FF3118F99D468F1BCB
                                                                                                                                                                                  SHA-256:DBBF5A6FE66C08D50AFB68DD2C59F6FF8C190F33F1945D6F3A71DFBE171B0001
                                                                                                                                                                                  SHA-512:F0F8D7BD14252151E9D4F67E78670AE6381D92385F6F9B440A1F37659419A3A1B80377F96A19F30053F2CFC5137F65A9B98B0BA6B3D50515DDF5EF0CE02DD60C
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exe
                                                                                                                                                                                  File Type:data
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):526476
                                                                                                                                                                                  Entropy (8bit):5.673633958440337
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:6144:mMVtkmDjAJDlgtqCWRhqPCwtGEmewL9X2BdpEN/3ICzqPHzA9skatED5HGTZfp67:HtkmHKJICHhBYALD5HGyEb+X
                                                                                                                                                                                  MD5:21F4E2BE311873BA5EBC6402CD709FF4
                                                                                                                                                                                  SHA1:B7327CAE62BD134390468CB58BCDB4AAF66F174E
                                                                                                                                                                                  SHA-256:E7BF364CE1D240ABA4F489B393FBC7E01872E71D6E68549875D7FB08AEB59A6A
                                                                                                                                                                                  SHA-512:5AD624FE2BA0520E8401A92CA67C0A284AD84444EE6C29C6E195F7BA9F32ED46254AD7BBD7491F953E16E9062EF92C3AE4A8D13C6F34BE01568AFCDA20622EF1
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exe
                                                                                                                                                                                  File Type:data
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):446894
                                                                                                                                                                                  Entropy (8bit):5.4246151431172684
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:6144:8iD5d6ksTNOWkX9lZpjwkK5YFSzvHVhGMtaNBesIWDM:8cd9hWkjZpsV1taNSWA
                                                                                                                                                                                  MD5:10E18CB02EB994F07E3A97D862445D1A
                                                                                                                                                                                  SHA1:E8967E1850C3BECDD18BD376C1222F7BD91E3E9C
                                                                                                                                                                                  SHA-256:2B5124827DA75518EA801AE15DFD2D368D34BA161AC7093341C5B2E253661C26
                                                                                                                                                                                  SHA-512:730E068DBD4D135CF9FEBD62B08B73A3D8BCA9AA3A048F8D1001189CC4384A7ACCC0432E946415CE5287657A7527F12A41D7A7A7C08196DAA814414FEECC2B75
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exe
                                                                                                                                                                                  File Type:data
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):495016
                                                                                                                                                                                  Entropy (8bit):5.3289754384955605
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:6144:8jXxgnn0s/NVsIefGBAFK54qG0eiqMvfrCLSny5kxAjNumsQmYgDcGujgNz7JRTm:8FgnPjCL6ZO28gyY+
                                                                                                                                                                                  MD5:D331E2448BC65868892BB30E2488D5EE
                                                                                                                                                                                  SHA1:A8C6A33F2A3603B9812172197BA4B479BD286C25
                                                                                                                                                                                  SHA-256:2F95BE82147111FB8909A901AA2A98727FDC3B354191DB5BE67A26639422B82B
                                                                                                                                                                                  SHA-512:34CF8FFCE42D6EB3C32A02A1EFA44F3973CA46326CC39518FF8F88D60CE97BA03EC66CCC18B7A038B99149ABD5A50F68D236586F15E6855F7482E05733ADEF2F
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exe
                                                                                                                                                                                  File Type:data
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):595020
                                                                                                                                                                                  Entropy (8bit):5.823647817476678
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exe
                                                                                                                                                                                  File Type:data
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):498162
                                                                                                                                                                                  Entropy (8bit):6.165588605643824
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exe
                                                                                                                                                                                  File Type:data
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):527910
                                                                                                                                                                                  Entropy (8bit):5.6672870650640625
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exe
                                                                                                                                                                                  File Type:data
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):526147
                                                                                                                                                                                  Entropy (8bit):5.670589583133561
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exe
                                                                                                                                                                                  File Type:data
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):461241
                                                                                                                                                                                  Entropy (8bit):5.319316110667384
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exe
                                                                                                                                                                                  File Type:data
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):451701
                                                                                                                                                                                  Entropy (8bit):5.472620487842144
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exe
                                                                                                                                                                                  File Type:data
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):464538
                                                                                                                                                                                  Entropy (8bit):5.4124218906381545
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exe
                                                                                                                                                                                  File Type:data
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):511053
                                                                                                                                                                                  Entropy (8bit):5.786571756641256
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exe
                                                                                                                                                                                  File Type:data
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):486700
                                                                                                                                                                                  Entropy (8bit):5.464263399446838
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:6144:waMEVezbsEcR0+uesRNcBYNBXBLSXpnDRFedE1:NQzbcoesRCJ
                                                                                                                                                                                  MD5:CF1B4D6659F62717A7C8F8E85F6349EA
                                                                                                                                                                                  SHA1:A500CC790C1EEAE0F9BEBE1CE459FBC8E7A3B615
                                                                                                                                                                                  SHA-256:F1F483EAC061C7D8E19D170D34E4663C02B4D2540AD0D2E8C745EE85B471E006
                                                                                                                                                                                  SHA-512:1AAAA2E5DEFC9E53E5A300ECDC3BBCF9D2A6E39E187E5D797F5B8D7C54F1688DC5ADE39E767424986717D9CBC3B5DBC0FFB961AFB52F4928ACAC32AE41078E7C
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exe
                                                                                                                                                                                  File Type:data
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):492315
                                                                                                                                                                                  Entropy (8bit):5.443481237378021
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:6144:tSam1OWZa48UrcbSSRsoQu4JVJJxh0zlaYmF4CZ:8z1xHrQSSR+B
                                                                                                                                                                                  MD5:B3493B1436FEA5D64FA3C0015B739735
                                                                                                                                                                                  SHA1:6277A1CB70C30C466EEACB176B367C981986F9E2
                                                                                                                                                                                  SHA-256:EB3C51D1EE6581ABC73BACEC65989C990F321FDEB046D30B1FD417717EDC5FD7
                                                                                                                                                                                  SHA-512:385793B735387B2D8A440C1AE22F076D89AA67F7A019D92C823D3C86562B50268CC4C4DBD69075752FEBF91F0FDCBA339BA5FDFA42D72A3F4B624F8AC153E653
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exe
                                                                                                                                                                                  File Type:data
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):505330
                                                                                                                                                                                  Entropy (8bit):5.501095594115375
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:6144:iemFVnWv+weNV4s29h6Vbuq62XTZp468lZqhRsGIKwCAug+UL:H4WsNeh6G2Xnz8lEzsGVwyp2
                                                                                                                                                                                  MD5:4F3186F37E6D686148B7464B4A90BAF3
                                                                                                                                                                                  SHA1:00BC72E7AF74783F3DB23D55987D39ECEE1B27B0
                                                                                                                                                                                  SHA-256:BA8A1AE5798B51AAEF2D67CFF13BBA85BB5B5D7DDEDBEBA29B11C1D03F72F037
                                                                                                                                                                                  SHA-512:50FB4BFC36C40B3FFD4EA1E33EE4F67F3001792C709ABCC69F66F6463B51AEAE70877DE87D17E3ADAB351C3142B549FD9455DDFF49AA2507BE49282B0E81B790
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exe
                                                                                                                                                                                  File Type:data
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):806136
                                                                                                                                                                                  Entropy (8bit):4.941503077631742
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:12288:VEexDDfQjRo4YVepEaX+Pcw10f9XIGnGtjVFYw2T5tqnjf3QjIvj3lDRxhCz52Wq:VEexI50xdB
                                                                                                                                                                                  MD5:8EDCD84A3BA8242015542095F1AD0275
                                                                                                                                                                                  SHA1:F06B8A866F99A277311DF1C97A5A9DEA3F6AB326
                                                                                                                                                                                  SHA-256:23B20A08FE29DE86F398650D3661131F5CA051D6D31BE237FAE33AABD21ECBB6
                                                                                                                                                                                  SHA-512:B32C7F8C790BB9952C7DD51FD7A7CF29805E349A0485A6B22F25665804659DB7E277BD21E3DABC8287FC5B4FA27B9354BF417F0F60C368301080B31521805153
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exe
                                                                                                                                                                                  File Type:data
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):510792
                                                                                                                                                                                  Entropy (8bit):5.831316727188874
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:6144:NYpbzY8y5bgx9GWiHQgC55fLwxdjJ6gGwLXIkqVvZleIEFBt4PY:NEYPWwxHQgelLwxd9NXIkqVgvt4Q
                                                                                                                                                                                  MD5:294D3C5A8E7FEFA8D401B339DBA20942
                                                                                                                                                                                  SHA1:5A766AAEE3A0583ABC5B84A2252983563F8BF23C
                                                                                                                                                                                  SHA-256:A9395944DF28675F462E805496F4F152FA997DB61432856950BCB23BA7BFEB30
                                                                                                                                                                                  SHA-512:0467861F82049C9C3C0D49437CF1F23397BC65E971231D3EF1FEC85CA694D2E72803B44051B091B8F92FD3C65F7E2AFAEC9157E787B24AEE751E97009A302E75
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exe
                                                                                                                                                                                  File Type:data
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):756339
                                                                                                                                                                                  Entropy (8bit):4.883883118097412
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:12288:kVPuCaM641l9TxqJumgf3768/k/SZy7PrXZ9lIUjv10S4sNQBke8meeDv4DWXWvq:YPRR9g8wy
                                                                                                                                                                                  MD5:F36B0C7A66C684148A3FB95329A8860A
                                                                                                                                                                                  SHA1:D532B0B7DA5E7F03D9230545CF27A3C1CB716091
                                                                                                                                                                                  SHA-256:0234C568FCE02C6AC1CFC9F229568B9E3067F80B403F44D1F41C849F39A2D8B3
                                                                                                                                                                                  SHA-512:09715F25F7A3EE4D1E8FC2CCFE6ED1712775BD9C0753C72C9CCAACB3A61A44EB492289132B9707EF0669F7AAA99BF87B6EE33E6DAFF7C53EB6B53CFC444691EB
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exe
                                                                                                                                                                                  File Type:data
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):457059
                                                                                                                                                                                  Entropy (8bit):5.581376596585994
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:6144:09yDYlvEIYvp9X4pbvigNhhIp4gfaVvZ4otlsvHIKI16wKg7mX06Un/4i054nQUr:lmEypbvo5K/
                                                                                                                                                                                  MD5:8C1F46BCEA9E70786374A73C367A86A8
                                                                                                                                                                                  SHA1:A3D3CA3A0893DBBF70D01F93C1CEB6E83505DE9D
                                                                                                                                                                                  SHA-256:EF49188DBCC8AD652143AD4ADD3BA0C76A918AF5B300C5F0EC283B05267A06E2
                                                                                                                                                                                  SHA-512:091BBD65E823A1F2355ED7233465F74F0568242C1A0D8F2AF32C917B4C6EAACD42FD392DC683CEB019910C246F084579B48E6BCDF76E4BD2FDBD09EE082369A4
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exe
                                                                                                                                                                                  File Type:data
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):473542
                                                                                                                                                                                  Entropy (8bit):5.41002434678886
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:12288:apWBLJSWFKkuQ/XPX/XnJqC5bbCfRdkULbsD4JkE1h8H1KTeEN:apeLsisd
                                                                                                                                                                                  MD5:1778B695186494D1DFCE964D079CD822
                                                                                                                                                                                  SHA1:71ABC26C0E668B21B171234ED97F1FDFF47C19FB
                                                                                                                                                                                  SHA-256:4469108829043A60B8C2391A255A1221246590E642FA3732636A9510B838F159
                                                                                                                                                                                  SHA-512:323288BA144C291E96DC1476B3051AB885B7A5F060B3DA9DFC46B2DE2422A3DEBA3A85C24D767E969337AFBA26BD76EA42D6C5B630B0280D73807AC89A7321BC
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exe
                                                                                                                                                                                  File Type:data
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):1204486
                                                                                                                                                                                  Entropy (8bit):4.142153948657093
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exe
                                                                                                                                                                                  File Type:data
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):1102827
                                                                                                                                                                                  Entropy (8bit):4.390768443049786
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exe
                                                                                                                                                                                  File Type:data
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):947387
                                                                                                                                                                                  Entropy (8bit):4.452455588274606
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exe
                                                                                                                                                                                  File Type:data
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):486079
                                                                                                                                                                                  Entropy (8bit):5.657086029848131
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exe
                                                                                                                                                                                  File Type:data
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):801697
                                                                                                                                                                                  Entropy (8bit):4.9761114710036445
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exe
                                                                                                                                                                                  File Type:data
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):570628
                                                                                                                                                                                  Entropy (8bit):5.839367137148999
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exe
                                                                                                                                                                                  File Type:data
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):410465
                                                                                                                                                                                  Entropy (8bit):6.746826206487886
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exe
                                                                                                                                                                                  File Type:data
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):414401
                                                                                                                                                                                  Entropy (8bit):6.74932083877727
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exe
                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):1719712
                                                                                                                                                                                  Entropy (8bit):6.5008502116352025
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:24576:iOHxZpFgLQXAAs4B8HZK2pok9Z9ys+dOoQJPGVo4S7os:rRZpOLQXrYo2Kk9Z9ys+dTMPGVPFs
                                                                                                                                                                                  MD5:3A78A5A86C4758B383E31B5E1A8280A6
                                                                                                                                                                                  SHA1:EA5EF3AA9031CE2A712A874DEEF8E64412923E64
                                                                                                                                                                                  SHA-256:EEF56C4AE2A488E40E54E26911CDC14CDCCD75B4BD4FF44360D201330D3E6C1D
                                                                                                                                                                                  SHA-512:78F24C81BD10AAC46904F017AF75B363DF18EEA747F4A003B7EE2C756892D3B2F415DAF0DD64190DBC31EFF0672F968CD6AF4373F7624094937695ADAC533713
                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                  Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..d....e.........." .....8...........H.......................................@............`A.........................................N..p... O...........................)... ......l;..8...................P:..(...`b..@............U...............................text...67.......8.................. ..`.rdata..L....P.......<..............@..@.data...H...........................@....pdata..............................@..@.00cfg..0...........................@..@.gxfg....*.......,..................@..@.retplne.................................tls................................@..._RDATA..\...........................@..@.rsrc...............................@..@.reloc....... ......................@..B................................................................................................................................................................................
                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exe
                                                                                                                                                                                  File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):1368992
                                                                                                                                                                                  Entropy (8bit):6.5152433915915005
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:24576:P+80NUzGW7DZfUgR0l9ly9qb6877UQoeT7GNrm3:P0NUzGODpR0lNTfU0HG8
                                                                                                                                                                                  MD5:366FAFAE6EFCABA2CA61ADFB6736B528
                                                                                                                                                                                  SHA1:CBBCE98941A710D80CB20933556E627D40286251
                                                                                                                                                                                  SHA-256:7E0A0D8C382661D68C128C9A0BE3CB58D45FF43C14318F3F85D59011C0852DFE
                                                                                                                                                                                  SHA-512:813361CEFD2F6CE8ED6AC18580343246F6B470CB490308CBF8E60425850A50C4090462DA3DEB9545BF2B8EDFD12130335E83E528FBD3A6E8267EB5F9D40062C5
                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                  Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..d....e.........."............................@............................. ......=.....`.........................................(*..\....*.......... .......P........)..........L.......................0...(...."..@............1...............................text...&........................... ..`.rdata..`.... ......................@..@.data...............................@....pdata..P...........................@..@.00cfg..0....p.......`..............@..@.gxfg...p,...........b..............@..@.retplne.................................tls................................@...CPADinfo@...........................@..._RDATA..\...........................@..@.rsrc... ...........................@..@.reloc..............................@..B........................................................................................................................................
                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exe
                                                                                                                                                                                  File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):1466272
                                                                                                                                                                                  Entropy (8bit):6.40589832313238
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:24576:us9ODY2nnjuULzZjiOiVV3K0EAbTykeLJIbPDUkD:XsDYqy8ljfE3fEmfeLJC5
                                                                                                                                                                                  MD5:39DDB5A73323607B679EE5901EF4152E
                                                                                                                                                                                  SHA1:DB6E47C1C0A1BAB84F867A7B1E7B8C9B72894E39
                                                                                                                                                                                  SHA-256:9A3567A92EA07D08A3931E41E89F21C3A03569DC2AF97B79CC4F0108AF132F9E
                                                                                                                                                                                  SHA-512:26DDA00171DD0B00C045A099759F8029CD6BE03CD079B1C2ABB79A1FF89BB4A7C6C4B82152AD50F42EA9EA663AFF45B6CA1ED2E7DD5849380782665431439BFD
                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                  Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..d....e.........."......\...........d.........@.............................P.......^....`.........................................-P..k....P..P.......8........}...6...)...0.......:..8....................8..(...`...@............V......hG.......................text....[.......\.................. ..`.rdata.......p.......`..............@..@.data...............................@....pdata...}.......~..................@..@.00cfg..0.... .......X..............@..@.gxfg....*...0...,...Z..............@..@.retplne.....`...........................tls.........p......................@..._RDATA..\...........................@..@.rsrc...8...........................@..@.reloc.......0......................@..B................................................................................................................................................................................
                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exe
                                                                                                                                                                                  File Type:data
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):1471
                                                                                                                                                                                  Entropy (8bit):7.595546020183886
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:24:+iCNV9ue/BbGNo7H6lah8keReriJ8gLIcO5v4Duvw5HjgTa/if3XrPXMuHVeb+ky:+iCHMepSN078kfipLIckwFj8a/oPMu1R
                                                                                                                                                                                  MD5:38DB29A7213F0F0440A2B74CF1282231
                                                                                                                                                                                  SHA1:FEB43DBD097464E0DEE7094FD4EC10A1EDA1CB2C
                                                                                                                                                                                  SHA-256:86C3075094D5C07C8F27434300D3DE2E42F1C29D8EDBF91688AFD9B4B5F4E36C
                                                                                                                                                                                  SHA-512:512642295BC5E15B7DDCB8B8030962998656BBA8A0FC3AAFA9AFBA33E74FEB428934E72E0D3A0B328E9F9F0AF7E735348B047CD9C89A80511A79BE08A485D311
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                  Preview:....0...0................K)..3...[.40...*.H........0}1.0...U....US1.0...U....Washington1.0...U....Kirkland1.0...U....Google1.0...U....Widevine1"0 ..U....widevine-codesign-root-ca0...180627202339Z..280624202339Z0..1.0...U....PL1.0...U....DOLNOSLASKIE1.0...U....WROCLAW1.0...U....Opera Software AS1.0...U....DESKTOP1.0...U....DESKTOP PROD1'0%..*.H........wdzierzanowski@opera.com0.."0...*.H.............0.........x.....jn...)>a.....-} .v...P..S..x.>k{.........Tr..Yo.D....d.....l.v.wU. .A.W5..oor....-Vs.o.......yH.pJ...?.Whs0`....Jb....3/. tl..8c........C..Byq>h..3A8..{..p....\..n...Q.t....0mQ{j......U|.W\...........s!....K...'.....s..s....P..r8..........0..0...U.......`..\../X.l...e....w0...U.#..0....=..tW....!.B.#U).0...U....0.0...U........0...U.%..0...+.......0...+.....y........0...*.H..............D.G....gtpx.......~...v.....c..%.I.....c2Y.Y.....Y^..Aa..A.b.Y.f..Zra*.),K.....n.1r.C...Z...)....W.r.gu.Z....l......S.CF.m.Y...P.W..y.f.\,.$.>...!...FK....j....XHn.
                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exe
                                                                                                                                                                                  File Type:data
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):45999898
                                                                                                                                                                                  Entropy (8bit):7.927384020696815
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:786432:HuHZkWCkxBJ/9F7OSlKLbNPbGN+ULZBFQMg2m39Q7AGA2FI4:HGeleX9ASYL5bMjLZBuhh92AGAL4
                                                                                                                                                                                  MD5:59030EC34C6AFA8A7193B1EFBAD57AEF
                                                                                                                                                                                  SHA1:C8535FC538CDB0E8BCCDB2FBCFE9F2E1EF447EE2
                                                                                                                                                                                  SHA-256:F3ACDBDD7C17884D3CA3D1C8E2EE2CD5D251425633C98D31DFBE782F7FE4C876
                                                                                                                                                                                  SHA-512:C7B3B4BAEDEA72E0A6EE5EB73825E55CAD9F70AD8F853C09890008F20544A770AC49C542E221794CF3D23E7CC8D0487736C629234054E94DB6D295F4ADD84B4C
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exe
                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):317
                                                                                                                                                                                  Entropy (8bit):4.996593526126476
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:6:ejHyaVic4subiL/bWHMjizddDhkQwYZXXKmJfFmkQwYEbghuPYEpwhugVFQ:eF8iDbWHMjizd2O/fbrghuP5whuQFQ
                                                                                                                                                                                  MD5:E8D8EAA4C2826C083AB9243B5CBD7BF8
                                                                                                                                                                                  SHA1:534361AE03417DFD14EBD6F961B707C75A2AF41A
                                                                                                                                                                                  SHA-256:B3213B07F691C812425115428B9D6E0637D488159E0A1C160C8FA8F04DED11F6
                                                                                                                                                                                  SHA-512:8ECCD5EF54A73E915A39CDEF9768837DD16E49AE27A3AE6428FB346C9C838FD9DBEDC3F40A9094754C770CA2236A0D2DFDE37D22289218D862AF5E8BC15E85E5
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                  Preview:<Application xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">. <VisualElements. BackgroundColor="#06030D". ShowNameOnSquare150x150Logo="on". ForegroundText="light". Square150x150Logo="Assets\150x150Logo.png". Square70x70Logo="Assets\70x70Logo.png". />.</Application>
                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exe
                                                                                                                                                                                  File Type:data
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):1231948
                                                                                                                                                                                  Entropy (8bit):7.958236134700672
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:24576:TB4oO0TODS0KeuX7D3WldzlZzA+3s8q1iv75ioMIXi5QUCAXll7deAIS:t4BKODS0NwDGldzd3/q1873XnUbXllY6
                                                                                                                                                                                  MD5:75C2B6F6C8010058D42D5EB0BA39471F
                                                                                                                                                                                  SHA1:FCEC790F7F4BDAC63D405940FE0A1C80A29671CD
                                                                                                                                                                                  SHA-256:DDC196141F17A37184C7C906793E8C30191ED3EC98416F1C653ECE1A51EBC050
                                                                                                                                                                                  SHA-512:618C0A369C16CEC0433DAD260104DE476F5E1468DBC7C544A3F6ABC216D604C0AB7E606D1CF6E4DF379B79AE0764E903E3ABB86E9E9870C7AF7FC17EA43101B2
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exe
                                                                                                                                                                                  File Type:data
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):1323194
                                                                                                                                                                                  Entropy (8bit):7.956725168724986
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:24576:4P6edh+WS0KeuX7D3Wldz4Zz4l8T2Xla0hm0gfnAxrcmuwz5QUCAXllIdeAIS:4Pjr+WS0NwDGldzp5Xla83gPAJcmuwGN
                                                                                                                                                                                  MD5:955D32856E3EF0DF9AF4E3376DE9DD27
                                                                                                                                                                                  SHA1:71B167ACB95E5A2B8D34D8C551D8BB1F184BE2D4
                                                                                                                                                                                  SHA-256:683CB727472230B739CABF53EFF3DED1544294AA9A08AAA5F783C9433039BAED
                                                                                                                                                                                  SHA-512:70764ABC24E3C987ADE51CB04E0CFEE2F822AE6F2C5E810DF2DB18591A0BF55236721940262CB6714B4C5ED893DA6078A866E639B95F3AD37C2A754D897903FC
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exe
                                                                                                                                                                                  File Type:data
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):1486334
                                                                                                                                                                                  Entropy (8bit):7.957860933036681
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:24576:v16edh+zS0KeuX7D3WldzJZzL3T6WbeDcG3ZXsRGIXa/S7wG/TcqYr87PD2R5QUi:tjr+zS0NwDGldzXG6eMRhB0GbcR8P24N
                                                                                                                                                                                  MD5:67DCD2DAF586DF6AD139242B245AAE87
                                                                                                                                                                                  SHA1:09B4541A28EEBB479C803EAEEC80BDB567D2C6B3
                                                                                                                                                                                  SHA-256:1F2674DB6D546AA671176622CC0D47A2E65947076250D8EF78192F6BBEF1D5DE
                                                                                                                                                                                  SHA-512:2A1B65C3E23E30B7C810A9EFD120B1AD56377AC596F16A189D3577E1823594C4801BA2CBA060B62F938030C7B0347A49C92228E702FD58F35495406F6323C73A
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exe
                                                                                                                                                                                  File Type:data
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):1924585
                                                                                                                                                                                  Entropy (8bit):7.9606211726580325
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:49152:9vKjrOK9S0NwDGldzUK8ZOo6C5xI5ieR3Y0b+EUbXl2Y6:VKuK9S0NlzUbZOW5G5ieR3Sb+
                                                                                                                                                                                  MD5:6223070E641210F4BCE728B087693C53
                                                                                                                                                                                  SHA1:BD7377BED166269932F9CD67CE29417E8BD05BDE
                                                                                                                                                                                  SHA-256:35ED540CEA657DB4D59C3D0E46E1D3EF26BBBFA5A475868CD88DCE1D286BC11E
                                                                                                                                                                                  SHA-512:BBEEF6A649AC96C3F7EAFB3A4D75CD9B92D6BC6B4C5A2AC181CB472FDA6907417002CF67F293F8E7EE0C61FCAC1679AA95809E8F238E7ABB7C297D86CA30177F
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exe
                                                                                                                                                                                  File Type:data
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):1715610
                                                                                                                                                                                  Entropy (8bit):7.958116988111234
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:49152:PRjr+2reURB8oY8jL/nU2SZ17nnVJJ9VBIUbXl2Y6:Zv6YBA8jLUnnnjl5b+
                                                                                                                                                                                  MD5:58CC1287307344B9EC8C9E26ED6C3501
                                                                                                                                                                                  SHA1:46A1C9A8EB6E3D751A6ACEC9443F2E4B033EA8CD
                                                                                                                                                                                  SHA-256:2844CDC18872169D49502F757FD8C86F2581A72AB90A3E4DCD83CD46E0BA3992
                                                                                                                                                                                  SHA-512:0BF43D89FA8C4AFFCCF4313F2FBCDDF74410E274623C9FAE54A4769FED4BF36DD633CA3D589017338A6382BA0F939D2E872C8AC918A00AC2AD5F5B8991ADB4EB
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exe
                                                                                                                                                                                  File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):5707168
                                                                                                                                                                                  Entropy (8bit):6.529563568287021
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:98304:C4BUgxhSN2As/i1e8KXMjcZMSQfSJZ2mor3Zxa:C47A5ecj0MSV8Ba
                                                                                                                                                                                  MD5:4D96E6FCF0FD4774EEBCD45B76A2A022
                                                                                                                                                                                  SHA1:2DEA7486BA0C2EB11C46AAC9FAF389F3A5846105
                                                                                                                                                                                  SHA-256:E7F9657E7512A1C042354CC73E5D7A478ABD6A3983BE96F6CE39E7C3F7EF1F87
                                                                                                                                                                                  SHA-512:35C9588B54C33A19EB0E3F541F9FFF54D21425ACD746C484BAC4EDF931EE39DEEAEB3A604BACE15BA7108055A2677A9DD0FF1021D1CFFFE2D66E882FF0EE09D2
                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exe
                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):14004
                                                                                                                                                                                  Entropy (8bit):5.037159328058129
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:384:SrNYrOXburxrs4rsFm1DLTryOibEYI3WSOZzxrsCrsRm1DLY7/ymu:KYXtBLDLTryLQ4ZllRDLs/ymu
                                                                                                                                                                                  MD5:2528B26988213FE5C0EE9CE75ACC2935
                                                                                                                                                                                  SHA1:D45F0A12E3E0DE6137AE389C7DD680295ADA2A68
                                                                                                                                                                                  SHA-256:42E58027E502EDAE71B2065ED0A6AB057907C41124C220E54AB75EAA84B0B0E7
                                                                                                                                                                                  SHA-512:F99295BD23D475D854DD872521F385568EDF28E4DB778F82A03F00FCD7061394A48D3C1644B5817FADFA31BDBCB53AD131ABDB6DD11F8E615020C26A1A970F72
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                  Preview:This software includes the following third party libraries/code portions:.. - libcurl, which is covered by the following license:..COPYRIGHT AND PERMISSION NOTICE..Copyright (c) 1996 - 2012, Daniel Stenberg, <daniel@haxx.se>...All rights reserved...Permission to use, copy, modify, and distribute this software for any purpose.with or without fee is hereby granted, provided that the above copyright.notice and this permission notice appear in all copies...THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR.IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,.FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS. IN.NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM,.DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR.OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE.OR OTHER DEALINGS IN THE SOFTWARE...Except as contained in this notice, the name of a copyright
                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exe
                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):6
                                                                                                                                                                                  Entropy (8bit):2.2516291673878226
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:3:SWhv:SW5
                                                                                                                                                                                  MD5:0589F66713BC44029A1A720B9A0D850D
                                                                                                                                                                                  SHA1:2FDF7D04F0372055C9D77CA43D9A3C08798905F3
                                                                                                                                                                                  SHA-256:64D23F858EF51B0F996E4966D4E27C0371B437E2D2787890B1F7AD22D4EC5663
                                                                                                                                                                                  SHA-512:31B29544FC93EAC2109CD1E4A617B5D5CB361C0BA608A954E873A64648E93DD65C7B4AED7F4B687F85C47E9909852FEC93B224D929BABDE1E0145A58DEA33634
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                  Preview:1.3.0.
                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exe
                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):221057952
                                                                                                                                                                                  Entropy (8bit):6.696390746872539
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:1572864:1cOkhs7wwYZlQ1a305pSPY3VHNG4BpeWABwcWM1fDPDjo1awB/+BPJZOkRjfr7Be:1soYN3U2DDPDjo1Vkne
                                                                                                                                                                                  MD5:6C3E134767CB6D943675C232B6B3B379
                                                                                                                                                                                  SHA1:3057CF76932E304D4C4A5C207823264AD7EBA530
                                                                                                                                                                                  SHA-256:BB9EAFECE785C97BFFE19FCE610B985B1E7313605ED3F0A403E091C50D02D431
                                                                                                                                                                                  SHA-512:0E9EF7437539A69EFD75BE67266CA2CC51590C59BE503F1A9F9B53D4EACB0199FD06698C8742ECB88F0A8A50EB8E76DF4DDEF1EA804CEBE3DEEAC7A5A8E5D498
                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exe
                                                                                                                                                                                  File Type:data
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):1471
                                                                                                                                                                                  Entropy (8bit):7.59373694717507
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:
                                                                                                                                                                                  MD5:38C01BC417B9C9935832C914DA5ECA45
                                                                                                                                                                                  SHA1:E8D76E1F62D9B07FE7A63B2B3189EC98DBFBA832
                                                                                                                                                                                  SHA-256:475DDE4AE359FF106B09BB476C9CAACFAA4E3B39B2F5DA23E1A076FCFC0CAC5A
                                                                                                                                                                                  SHA-512:0C3A36B9A0469D3944A826EF67FA5922A2CDDE603F106DC0B8006C1628E6C1D75C2865DB3E709D8FC2EC22AA6035FEE957D64356ADCF5EC1D2C89B229F8DE0F9
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exe
                                                                                                                                                                                  File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):1996192
                                                                                                                                                                                  Entropy (8bit):6.484249197226973
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:
                                                                                                                                                                                  MD5:5D006C2C07ADFADBF44E14529B0EB18F
                                                                                                                                                                                  SHA1:2DF529DF00DA96EDDB4F3CF5CDF642F5EA2438B2
                                                                                                                                                                                  SHA-256:114002E36EF80DC11105983A5CFE677445B469BB276FD934C51AEF1B1BC547CE
                                                                                                                                                                                  SHA-512:1B6B6C11F05FE59D81F88F9584839158E83BD3F19A41895F66C67BD8B39C6FB0939406B1FC733EE1CD3B52B2EEAC5A6AF550D1CD4E9B22A4B3B42C71B5E84DCA
                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exe
                                                                                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):1246112
                                                                                                                                                                                  Entropy (8bit):6.507201820061807
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:
                                                                                                                                                                                  MD5:297161CB74389B65BE6D1E75E8CB47F3
                                                                                                                                                                                  SHA1:DB74A72DFD8D7AF7DCBB7F3B3B46FA8C2305C03D
                                                                                                                                                                                  SHA-256:2218D12D8084665D0371233280599E892ED6F0C373C0255FC4A2868F3AD18463
                                                                                                                                                                                  SHA-512:0C2EA0B6F9549373011CFBF6BF4050CD91ED920CC2C1CF2F2C393AE8FE33BF41CA799092BDA2541457642D0ED32901EF2961BBA23E8DF3889A5C4F94A16203EC
                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exe
                                                                                                                                                                                  File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):2255776
                                                                                                                                                                                  Entropy (8bit):6.689801630019627
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:
                                                                                                                                                                                  MD5:4D8773DDEECF6222E7F8E904159A81AE
                                                                                                                                                                                  SHA1:0A8AEB08990EB081EE0F47B87174109603F4C736
                                                                                                                                                                                  SHA-256:5F28C53C82603DFFD03E6E0AFCEF17898EF9645AE488A86F7C5F425A3B25ADC6
                                                                                                                                                                                  SHA-512:18017C73362AB6E0930392271E0BAB40C718AD332C6D03BF9380789834A4FCC0A310BDA30374CB31A649B5C6467DF80C85168676BDE0C3C218A2F7DF87B0E852
                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exe
                                                                                                                                                                                  File Type:MS Windows icon resource - 2 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):5430
                                                                                                                                                                                  Entropy (8bit):3.286080774872623
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:
                                                                                                                                                                                  MD5:91A97B1678EA6F166A6ADF4370BEC2E6
                                                                                                                                                                                  SHA1:2D4B52234F490887463B75DB53983F7133C6E46A
                                                                                                                                                                                  SHA-256:1AC6DBE3F6EE18BAA94EF8660B41528F7B8EF79148BC7B58C21485B85476A9A9
                                                                                                                                                                                  SHA-512:9D0855444968B4F4A777CE690776EAB00BF0DAA6AFD01B52BE96DFF2305572C133E1141FC79C07BC8DD4C739EC330813A7A737D7A7BAECEB46EBC35D33AB834A
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exe
                                                                                                                                                                                  File Type:MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):1150
                                                                                                                                                                                  Entropy (8bit):4.560345262666608
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:
                                                                                                                                                                                  MD5:74FDAC19593602B8D25A5E2FDB9C3051
                                                                                                                                                                                  SHA1:81DB52E9AD1BE5946DFFA3C89F5302633A7698D2
                                                                                                                                                                                  SHA-256:F06EBEF0B912B94D7E0AF3915F2A6B6B64F74CB60BC8AAA1104C874761A0DEE6
                                                                                                                                                                                  SHA-512:8FFB507E46C99F1FEDE3F12C14998CD41AFA8CFC5C815756343041F1BEF6FAF7BA4429CEBEB87B0FB807D911F5516D235D5F893E519576B1FB675D25D025C21B
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exe
                                                                                                                                                                                  File Type:MS Windows icon resource - 4 icons, 48x48, 32 bits/pixel, 32x32, 32 bits/pixel
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):17542
                                                                                                                                                                                  Entropy (8bit):2.247918084411713
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:
                                                                                                                                                                                  MD5:CA6619B86C2F6E6068B69BA3AADDB7E4
                                                                                                                                                                                  SHA1:C44A1BB9D14385334EB851FBB0AFB19D961C1EE7
                                                                                                                                                                                  SHA-256:17D02E2DB6DBEDB95DD449D06868C147AC2C3B5371497BCB9407E75336A99E09
                                                                                                                                                                                  SHA-512:30F8F8618BFBCD57925411E6860A10B6AD9A60F2A6B08D35C870EA3F4CEC4692596A937FF1457CEFF5847D5DA2B86CEBA0200706625E28C56A2455E6A8C121D3
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exe
                                                                                                                                                                                  File Type:MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):1150
                                                                                                                                                                                  Entropy (8bit):3.17081824784348
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:
                                                                                                                                                                                  MD5:64AD26B9B9D8E4DA8CD564FE4843E65F
                                                                                                                                                                                  SHA1:9D1D05134F36EBA77ED18F725BC0CA2121FA2686
                                                                                                                                                                                  SHA-256:E5DCCC694E7F34DAF334B3A48B68DA450D5B34FE8A4E06842D864E99F400770A
                                                                                                                                                                                  SHA-512:5F77BF6EC0D46C99E02A268E63587C9CD552B61FDB55ECE3955B50CC470EC103B06B2360EDA86BD49AA45458E1885F7A4E8256DA7B47DC8B8B343BCEF5CDCEA1
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exe
                                                                                                                                                                                  File Type:MS Windows icon resource - 3 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):15086
                                                                                                                                                                                  Entropy (8bit):2.6549496934735806
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:
                                                                                                                                                                                  MD5:0342F103B6960E1565D24EABD5A6079D
                                                                                                                                                                                  SHA1:7C6C7EF5E86A83BC7FD75729BD641244CFFC8CB4
                                                                                                                                                                                  SHA-256:F92DC912529EB9D75655DC9C41557D2AF532425D1A6C8BAFB0879109C850F955
                                                                                                                                                                                  SHA-512:E37D8445CE9E0AE80E1519A11831075994F1F3255A85E8883F1CC171204DD3A4CC9560655E54F1AA27B4602A44B1FB4711AE352942319D6F0714F17AB48EB2D4
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exe
                                                                                                                                                                                  File Type:MS Windows icon resource - 3 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):15086
                                                                                                                                                                                  Entropy (8bit):2.1885512297205745
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:
                                                                                                                                                                                  MD5:2C40ED190AA02EB3A2CDC38B89F4458D
                                                                                                                                                                                  SHA1:F6E1F3E63098CCB207CBCF5127B7619AD294A4E2
                                                                                                                                                                                  SHA-256:FB15A61B133EC3333B377B947059550EC69304F0F9DA6FB333A54048F3E04E5D
                                                                                                                                                                                  SHA-512:1068EE61996222DCCD50C007BDC4A99D83DCC928E22AE845D27419952854A21B716878815FDA5747B75F1226DBC478F67AD9FCF177F80E326695D603B7FE7FAE
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exe
                                                                                                                                                                                  File Type:MS Windows icon resource - 2 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):5430
                                                                                                                                                                                  Entropy (8bit):3.2795862597625223
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:
                                                                                                                                                                                  MD5:93E4504D4C585CFDA1979B37E75FE39A
                                                                                                                                                                                  SHA1:5D4296F36E878B263C5DA6AD8ABD6174E4DFF5D8
                                                                                                                                                                                  SHA-256:69AAAB4B888C83B3F77D524313F9383D9EDAA73E4AF111A7A637E9F84A1609D7
                                                                                                                                                                                  SHA-512:072638BEE318F5E15AF53CF3F9EFD9156AA4836C40E8FB5F1F856706331CB11B528DFEBE8E88713FC7146FEFB1E66A614CFF2F4E87676D886D2F09D945CBD1A0
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exe
                                                                                                                                                                                  File Type:MS Windows icon resource - 2 icons, 32x32, 32 bits/pixel, 16x16, 32 bits/pixel
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):5430
                                                                                                                                                                                  Entropy (8bit):5.6318458632047665
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:
                                                                                                                                                                                  MD5:9796ED786D95606D51BE9DAB54FB5350
                                                                                                                                                                                  SHA1:6EE48A6F912384D8F9CCE8BF7931BED779DC1D9D
                                                                                                                                                                                  SHA-256:74368197CB53191E522E3A73AAB974D53EAE8E38DA694A1ED2CFA06F39176E58
                                                                                                                                                                                  SHA-512:E9D14BA4486E73AB0FBB30F0C505E8AB2D8D5F55A3F87EC33AAE994F3B796EA415564136E70812B6ED09595D1BEAB345FEE1B7199694CE3F12118307065330D1
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exe
                                                                                                                                                                                  File Type:MS Windows icon resource - 1 icon, 32x32, 32 bits/pixel
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):4286
                                                                                                                                                                                  Entropy (8bit):5.1032077050059135
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:
                                                                                                                                                                                  MD5:BD5865B6A3787241931895B562D1AAF9
                                                                                                                                                                                  SHA1:AB4636F3D534E11F8FCFDEA8A5070CD5D203F9C5
                                                                                                                                                                                  SHA-256:A81AD17502B90A50BB491911F35D44BEF0A855BDA2F9BFCD7D98868AD0678718
                                                                                                                                                                                  SHA-512:247766FE6585C0E965E7861AEDC48511CF825812B4C72345CB6FDBB148C3ED6A654C70D216187B4095770FB3BE1B5A18CD5A7289F5EE3BE0E6D01CB2AA12F40A
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exe
                                                                                                                                                                                  File Type:MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):1150
                                                                                                                                                                                  Entropy (8bit):4.0366948059247445
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:
                                                                                                                                                                                  MD5:3264B65E59E51CA4943AE076748BFCEC
                                                                                                                                                                                  SHA1:59AD003192DB03CA1E089924955FDCE0E25D159D
                                                                                                                                                                                  SHA-256:65944B9D2003DCB988A8E3E03D29074A8C142520431EFBA1CC115036A8072F47
                                                                                                                                                                                  SHA-512:7D81E6EE46A4389274C11178CB8E4CCF04BAAF1EEAD91BA44F27D7AF0290C55F55FBA2E7EC9E72DECA58D5138BA13238DCFB0956974E82059FE5285994090192
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exe
                                                                                                                                                                                  File Type:MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):1150
                                                                                                                                                                                  Entropy (8bit):2.867292544398476
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:
                                                                                                                                                                                  MD5:7868D43BE5BE8978E247DA73B69A50AC
                                                                                                                                                                                  SHA1:8F30676FF39D8A5DA69D2DCC624A6279FD323A13
                                                                                                                                                                                  SHA-256:FA6C55B1C6F924242A2EE556859BB935A2427320AFC7D2C911AD4192727662A2
                                                                                                                                                                                  SHA-512:52C174144A81B0218695FBB8F9152EEC917D914CD5DF2662A03706E161025FA962CDF4E952B42D990C254377B0B1A4B5B4B01AAF4E62AC6072847CE947252767
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exe
                                                                                                                                                                                  File Type:MS Windows icon resource - 3 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):15086
                                                                                                                                                                                  Entropy (8bit):2.1885512297205745
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:
                                                                                                                                                                                  MD5:2C40ED190AA02EB3A2CDC38B89F4458D
                                                                                                                                                                                  SHA1:F6E1F3E63098CCB207CBCF5127B7619AD294A4E2
                                                                                                                                                                                  SHA-256:FB15A61B133EC3333B377B947059550EC69304F0F9DA6FB333A54048F3E04E5D
                                                                                                                                                                                  SHA-512:1068EE61996222DCCD50C007BDC4A99D83DCC928E22AE845D27419952854A21B716878815FDA5747B75F1226DBC478F67AD9FCF177F80E326695D603B7FE7FAE
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exe
                                                                                                                                                                                  File Type:MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):1150
                                                                                                                                                                                  Entropy (8bit):4.560345262666608
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:
                                                                                                                                                                                  MD5:74FDAC19593602B8D25A5E2FDB9C3051
                                                                                                                                                                                  SHA1:81DB52E9AD1BE5946DFFA3C89F5302633A7698D2
                                                                                                                                                                                  SHA-256:F06EBEF0B912B94D7E0AF3915F2A6B6B64F74CB60BC8AAA1104C874761A0DEE6
                                                                                                                                                                                  SHA-512:8FFB507E46C99F1FEDE3F12C14998CD41AFA8CFC5C815756343041F1BEF6FAF7BA4429CEBEB87B0FB807D911F5516D235D5F893E519576B1FB675D25D025C21B
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exe
                                                                                                                                                                                  File Type:MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):1150
                                                                                                                                                                                  Entropy (8bit):6.638581632319262
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:
                                                                                                                                                                                  MD5:15CC60C14626AE2549F3305C25B249F7
                                                                                                                                                                                  SHA1:A5DB46CDB09B46FD644BE78D2E3B798AE1C3DAEE
                                                                                                                                                                                  SHA-256:2D2E6EDAD6C27FD6BC79F2B02E15C1F8B227C1621536F902F065673FE03D0667
                                                                                                                                                                                  SHA-512:75BC0B4C13D40C253B796FEF48AAF4F9BF8C5981B20D287E740AD9950CD95CBAB32456E57804A907D68475C8E0E2B174A4964C9014849B6A84EAB658052E6812
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exe
                                                                                                                                                                                  File Type:MS Windows icon resource - 2 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):6518
                                                                                                                                                                                  Entropy (8bit):2.407909805152941
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:
                                                                                                                                                                                  MD5:5E5293480F2EE9B15767E01F4D5DBAF5
                                                                                                                                                                                  SHA1:4AF378AE27C39DC0128EF2094A5E6B657ADB60B0
                                                                                                                                                                                  SHA-256:87CFD63B77DA23BF2B7C342F666138C3C35CEC7F2AABD51618447913AEE97DA3
                                                                                                                                                                                  SHA-512:3CDE31C1641B945BF1007AAE8468E815E29B1712AB877AAE2FE9C94A4AB3C1BF39F027A4FD113F962B466903E2550D52AD88E9AA5826BC66D96F43CA4AA8F3DB
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exe
                                                                                                                                                                                  File Type:MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):1150
                                                                                                                                                                                  Entropy (8bit):1.6159828216175358
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:
                                                                                                                                                                                  MD5:58605FAE7FE4E695F5FD358A7465565B
                                                                                                                                                                                  SHA1:F47615D987B3F2D8FCE40DC93D55DEE71A78CDDC
                                                                                                                                                                                  SHA-256:831CC92E9F60D151B3446E5125AF5A8C45E613636D384324179AE565DFEC08FC
                                                                                                                                                                                  SHA-512:C045AC34FC39BBF1D7B108EB85165C57E551B47239D8A6515F7EC843C2AAE0CAEDA9E3E1CB919F1AED2FF9F98FF8D34934ED961ECEBCA1413A1FCBDA4F09343F
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exe
                                                                                                                                                                                  File Type:MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):1150
                                                                                                                                                                                  Entropy (8bit):4.994300674852024
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:
                                                                                                                                                                                  MD5:D2F1F9CE53773F7F51412AFFFEE0D97A
                                                                                                                                                                                  SHA1:748398747AAA25473BBB58353FCBCCB424E78849
                                                                                                                                                                                  SHA-256:00764980C4713198CBCDF7BD6A657BBAFFE15AE3BAA4E09A8EF19F32606BB6F0
                                                                                                                                                                                  SHA-512:010734637DCE084DBADD5C8D7A5ACC73FF262F37331AF4C9FD318310A12986917C647FFFFABF97C102C97A496D07CBF7F834DD358901D65DBC6CD77CD1F827D3
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exe
                                                                                                                                                                                  File Type:MS Windows icon resource - 2 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):5430
                                                                                                                                                                                  Entropy (8bit):3.2795862597625223
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:
                                                                                                                                                                                  MD5:93E4504D4C585CFDA1979B37E75FE39A
                                                                                                                                                                                  SHA1:5D4296F36E878B263C5DA6AD8ABD6174E4DFF5D8
                                                                                                                                                                                  SHA-256:69AAAB4B888C83B3F77D524313F9383D9EDAA73E4AF111A7A637E9F84A1609D7
                                                                                                                                                                                  SHA-512:072638BEE318F5E15AF53CF3F9EFD9156AA4836C40E8FB5F1F856706331CB11B528DFEBE8E88713FC7146FEFB1E66A614CFF2F4E87676D886D2F09D945CBD1A0
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exe
                                                                                                                                                                                  File Type:MS Windows icon resource - 2 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):5430
                                                                                                                                                                                  Entropy (8bit):3.2795862597625223
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:
                                                                                                                                                                                  MD5:93E4504D4C585CFDA1979B37E75FE39A
                                                                                                                                                                                  SHA1:5D4296F36E878B263C5DA6AD8ABD6174E4DFF5D8
                                                                                                                                                                                  SHA-256:69AAAB4B888C83B3F77D524313F9383D9EDAA73E4AF111A7A637E9F84A1609D7
                                                                                                                                                                                  SHA-512:072638BEE318F5E15AF53CF3F9EFD9156AA4836C40E8FB5F1F856706331CB11B528DFEBE8E88713FC7146FEFB1E66A614CFF2F4E87676D886D2F09D945CBD1A0
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exe
                                                                                                                                                                                  File Type:MS Windows icon resource - 6 icons, 16x16, 2 colors, 16x16, 32 bits/pixel
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):34686
                                                                                                                                                                                  Entropy (8bit):1.1787188557524333
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:
                                                                                                                                                                                  MD5:5337074698C608F4996D7F6AC571DBB9
                                                                                                                                                                                  SHA1:66CB3910242DDA40A4E17C76FDC73829C8DB99BD
                                                                                                                                                                                  SHA-256:B3C8A7AA2BC429AA15A764574D7C7D54F2672628DFF75CA830A5DB4CBC878B3D
                                                                                                                                                                                  SHA-512:D48AF3344304FFE613511529C227F0CDE3443C6409F14058D3E381754D6FE9295B71332840BBE8D55EFE40C893AB0513B15C70EC36008844508BA4FCC8E492DB
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exe
                                                                                                                                                                                  File Type:MS Windows icon resource - 2 icons, 16x16, 8 bits/pixel, 32x32, 32 bits/pixel
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):5686
                                                                                                                                                                                  Entropy (8bit):3.499087745233182
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:
                                                                                                                                                                                  MD5:CAE06CD4B5B7BE327CCB00A6DD6F588C
                                                                                                                                                                                  SHA1:91AB18740E8C44D89F0C66485DEE5E616999921B
                                                                                                                                                                                  SHA-256:0031AC87D8B67D608BF586EE097204782580EE645891C5D3D05591AE00F47953
                                                                                                                                                                                  SHA-512:AD0DEEB131E9D78A58E0C61F0433F06332F0116129EA55F16739FF2C6A3767F5082500152B98273140296B8A8F1A7CAF984289AF5D562969B2515143E75E48B6
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exe
                                                                                                                                                                                  File Type:MS Windows icon resource - 3 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):15086
                                                                                                                                                                                  Entropy (8bit):2.6549496934735806
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:
                                                                                                                                                                                  MD5:0342F103B6960E1565D24EABD5A6079D
                                                                                                                                                                                  SHA1:7C6C7EF5E86A83BC7FD75729BD641244CFFC8CB4
                                                                                                                                                                                  SHA-256:F92DC912529EB9D75655DC9C41557D2AF532425D1A6C8BAFB0879109C850F955
                                                                                                                                                                                  SHA-512:E37D8445CE9E0AE80E1519A11831075994F1F3255A85E8883F1CC171204DD3A4CC9560655E54F1AA27B4602A44B1FB4711AE352942319D6F0714F17AB48EB2D4
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exe
                                                                                                                                                                                  File Type:MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):1150
                                                                                                                                                                                  Entropy (8bit):2.5312914343989297
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:
                                                                                                                                                                                  MD5:192A42730EEA5A6A3238F50285F01010
                                                                                                                                                                                  SHA1:28FC94448C726E0D62375942866A1FAFC916F61A
                                                                                                                                                                                  SHA-256:4515919BA9C8A1AE19DEAE230F2FDFBB94DE5C29753DC3FB7C2A877B474F4F0F
                                                                                                                                                                                  SHA-512:B680B643CC66B7687108C34ADBE80996851A5B24BEAE2E7EA58C8C8AB86D4900DF12D5A4E8380186A53D7A46F923B6A4D7DB46555C5BCB0F90021DDA10D4568A
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exe
                                                                                                                                                                                  File Type:MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):1150
                                                                                                                                                                                  Entropy (8bit):4.560345262666608
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:
                                                                                                                                                                                  MD5:74FDAC19593602B8D25A5E2FDB9C3051
                                                                                                                                                                                  SHA1:81DB52E9AD1BE5946DFFA3C89F5302633A7698D2
                                                                                                                                                                                  SHA-256:F06EBEF0B912B94D7E0AF3915F2A6B6B64F74CB60BC8AAA1104C874761A0DEE6
                                                                                                                                                                                  SHA-512:8FFB507E46C99F1FEDE3F12C14998CD41AFA8CFC5C815756343041F1BEF6FAF7BA4429CEBEB87B0FB807D911F5516D235D5F893E519576B1FB675D25D025C21B
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exe
                                                                                                                                                                                  File Type:MS Windows icon resource - 2 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):5430
                                                                                                                                                                                  Entropy (8bit):3.6877369236023396
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:
                                                                                                                                                                                  MD5:4CA6A47462D19D539F9A32B702B10177
                                                                                                                                                                                  SHA1:1F53B02309B901C8E7CC20F8640187F4F185F393
                                                                                                                                                                                  SHA-256:1BACA3300AEA9840985CFBFBAF1622BE00922BA193168C1FC4246BDB8898F217
                                                                                                                                                                                  SHA-512:E08A0013A7D8664CBBD88EAA1235A27704DBB4BD13D849D45B3A529F7373844D67C11A2B13881823EF6586840980B670C8FB278CF220D1093976CD00148CA2B6
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exe
                                                                                                                                                                                  File Type:MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):1150
                                                                                                                                                                                  Entropy (8bit):3.9160268464631507
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:
                                                                                                                                                                                  MD5:72460DF2C3C16ED7FFFA3988F5E86CBA
                                                                                                                                                                                  SHA1:B17DACC408D124A0AEF2650A92F3C0AB2F9D4F54
                                                                                                                                                                                  SHA-256:8D2A443307CEBA1D996D0DDAF5FCE63B838B5DAFA6F09AAEFF2D83127F38DE01
                                                                                                                                                                                  SHA-512:516720411D964823FD88A63BB1B0AD49F8A98BEE03D13CCDF23EB5775C8B4A02E743D099A481573C02B311B27E447F646DEEA5AEB6066FABF38EFFE96E712876
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exe
                                                                                                                                                                                  File Type:ASCII text, with very long lines (347)
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):2561
                                                                                                                                                                                  Entropy (8bit):4.511287976109681
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:
                                                                                                                                                                                  MD5:1A9CD4E4812B2D130CA45228BCB33700
                                                                                                                                                                                  SHA1:10A4DA3CDBE3320CA8DE96C810AF22576333B2F0
                                                                                                                                                                                  SHA-256:C42F8D9E12DB61B769D6D8D345CECD6668EC4847C80A107910BBF87530223C32
                                                                                                                                                                                  SHA-512:FF13EBB69177190393F62528216F05170BD68A2E2A3CA511DDD92E40ACABABDB5CC002FB546ED8451FD952F1FF2FD4A6C93658DF3FCE987D7193B1F1D9615CC2
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                  Preview:// tQtPYzJXnVa9SzjE0kXvU4xD/vLOQ3hg9wx9hzaCwIr7vvWyxsfKcoeBDzRhH32rMbTc8JdyS136pCaw/VzcEkpqwBXdOAhorEbiIX/gdISGtTN+l0c0xcOi4TVRtVh9eZ0PXwx9DhHn9UNOg9blF6mFcTxEWtnio8SP17o7RjmUzXyw7Vgxkq05I6iDTeLJYSIa9Ioe5a78EoKeWmPNX6Q/1/5Ga55FcZ+O44k9Fvbneuw1z17PhBMhe7zD+4dW6t38GaYX4wFVaVuiI34KLCjpUi6X+nsjkYjbhxuLAHVZyMZhYjgin24+CN/nRM8ohfN2U7ZCthbfHT71KSQI2g==.{. "version": 2023102301,. "tests": [. {. "name": "DNA-93212-ru",. "total_test_percentage": 20,. "country": "ru",. "test_state": 1,. "test_groups" : [. {. "name": "DNA-93212-test-ru",. "preferences": {. "gx.show-yandex-in-mid-profile" : true. }. },. {. "name": "DNA-93212-ref-ru",. "preferences": {. "gx.show-yandex-in-mid-profile" : false. }. }. ]. },. {. "name": "DNA-99214_GXCTest10",. "total_test_percentage": 10,. "test_state": 1,. "test_groups" : [. {. "name": "GXC
                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exe
                                                                                                                                                                                  File Type:ASCII text, with very long lines (347)
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):696
                                                                                                                                                                                  Entropy (8bit):5.5212029392751605
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:
                                                                                                                                                                                  MD5:A57F6FF749977E20CB51141D94BF0188
                                                                                                                                                                                  SHA1:E5C47419036365F7BD8B4AC3CEDE333268D312DD
                                                                                                                                                                                  SHA-256:86F89B4CC2CB0C835E543C0F6D327432E3593C42C303CC6A4C57B28652DD9199
                                                                                                                                                                                  SHA-512:EAE1D63EC5D33E56690C80697B630D8F8600CC86539F4D5C7935CCA096BB0656352E4300F2D2338FC0AA8FC5C70676CDAF5C5EA346FA3293C8F67B4E6C15B3DE
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                  Preview:// F7n3Sy/IGmzReATRzTK63iFOUytSjLBn7i6IzCDmG2oYcMh/i4+7dDN2+duv0z2/mT17AIM4I6bzJLLlCisaJwhnLYpfUBxV0xfgvqpl8+uy1/4XJ9OcA8r9+0tW9IGuF7oeolZnD9XaLAnkIaCJ6P6AeXnhOMXmHZwL+1IELm3Vdr26IHMFggBOWxcbcW+4cBGvIXeZFR8UuAG2cruv5MtJe34/ZwhLdh1MZVSVEvmh1PONPhw1z6Divsdn54EFW7Lx5Mi5E48pPrTD1VWbxz2y9exetRjsvXMEs+dkZ7vIhLV4RUKbNOOaraJ89+ITdJw2euMU9FXVyxzsncBI1A==.{."version": 1,."list": [. {. "url": "https://medium.com",. "short_name": "medium_custom",. "countries": [. "fr",. "pl",. "no". ]. },. {. "url": "https://youtube.com". },. {. "url": "https://redir.opera.com/amazon/",. "short_name": "Amazon". }.].}.
                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exe
                                                                                                                                                                                  File Type:C source, ASCII text, with very long lines (347)
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):22353
                                                                                                                                                                                  Entropy (8bit):4.084825970683737
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:
                                                                                                                                                                                  MD5:DF1A04DA30E0B88B9CFE8918C832BB6D
                                                                                                                                                                                  SHA1:9D07A99E6EFA22FF4107EC01BF664939F3A6FCDC
                                                                                                                                                                                  SHA-256:A53187E2863A1183A86939230B77CB40C05940C35469A8E855EEDCA55377E5BB
                                                                                                                                                                                  SHA-512:E328A474DCA5D59E304AE7C6A1069A221DE2023C310C140C488CDE536EBF182AC3AD47A1E6689C5E5F8F3DFC712D1F823CE6524FE037B9268A3CD8E3D0ECB5F4
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                  Preview:// QDZIV7kmNLFZgRELAVJ4Npq5/hyhUXjTxGn2/2o0SsLUM77EXaxAuJZqQ1Mdw+aU8SKvwkSDNmeZRw+Y2asSEmnZG0HOqIMgmSfu6zHN2h0GY3CUdgtIm3LQUaU62NOFOOGcp0TnowAvMQidWXc9t4H4zDprkArVTz9cZvdVSMmkI/1lSQqFeI272KGS7W3ELlu/GROyeOfa+yv+DUmcVSt9Pw4fHkOVVgGR92BL2uV7jWANQ/AJHlVK+1z54Y/04wBZNA0w8sJU1Yu2g12hwQ7ZCwAiMOFfjm1ZhznUCtQYgEJDoXsFQrdGywrZjZQkidlO+Op7u32m2GbP51mYxg==./**. ** Copyright (C) 2023 Opera Norway AS. All rights reserved.. **. ** This file is part of the Opera web browser.. **. ** This script patches sites to work better with Opera. ** For more information see http://www.opera.com/docs/browserjs/. **. ** If you have comments on these patches (for example if you are the webmaster. ** and want to inform us about a fixed site that no longer needs patching). ** please report issues through the bug tracking system. ** https://bugs.opera.com/. **. ** DO NOT EDIT THIS FILE! It will not be used by Opera if edited.. **. ** BROWSERJS_TIMESTAMP = '202312111442'; // for versioning; see DNA-54964. **/..'use str
                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exe
                                                                                                                                                                                  File Type:ASCII text, with very long lines (3079)
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):176599
                                                                                                                                                                                  Entropy (8bit):6.075727372912163
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:
                                                                                                                                                                                  MD5:A162EAB85D75BF2BCFA75C55006FAD81
                                                                                                                                                                                  SHA1:BBF0FC057A13BB83EFB2EC34A26074A4A3A274F0
                                                                                                                                                                                  SHA-256:FB4B41F69E1654CB6C9F23391DA77CAE4420EBDDA52364BAC669DBD8A066211F
                                                                                                                                                                                  SHA-512:86FE37B6E9195555B1B35685B55B856F8E0E8B6CECB8E8640B6A40C705266283BDA4DFB8D3E6CF2DE50CD4EFF41E167DF2712D0996F781C3D9F6282A9A2D9F5D
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                  Preview:// BfLmK3tVcIpY51J5MKykgiQE54C1mA8T+ydgVpHAMpmAG5OlG8gIwjuZSJAyaMCm0/5f2JmyfStIa7tLjTUUdIUtdsSzEDLVxH4D2nTfDlKMz06HEG9cKpRuu/iwovPG5IyU5ozwMFQcaf5A0AiZEf2si7h6rm7sW2hH8y5Qtiq3lwont5S/bg9u5xxZYQiEVU24OXB1Atlb0NT3YX9uutVmq/v0Zzf3+aObiuUqCxwd9t9sMVRpZjF25UypZhD5XSI+P4V6vSWOIwgj9sCVgUvbtOroWmOYwZK5F3bqtBd+aaJbG3tgxSdR8bqeX5YYStRHSshuqodtjukjCLyIeA==.{. "version": 9,. "partners": [. {. "partner_id": "aboutyou_at",. "partner_domain": "aboutyou.at",. "product_url_pattern": "\/p\/.*",. "product_history_pattern": "\"aboutyou.at/p/\"",. "partner_icon": "data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAADAAAAAwCAMAAABg3Am1AAAAclBMVEUAAAD////4+PgYGBikpKQmJiYLCwvi4uLb29tLS0v09PTp6emCgoJra2tcXFxJSUnr6+vJycmKioo6OjojIyP8/PxfX1/6+vrMzMyamprf39/S0tLR0dG9vb28vLxDQ0MfHx8aGhrd3d2GhoZ3d3dFRUWvj4E8AAABVklEQVRIx+1VV5bDIAy0wcbg3kt62b3/FTeUZ+EW7Yt/M5/SSIyEEM4Xn4L5lRCVz/7Hpq13jEJCwujotRSl1yVv3BENL+v3/OThzsCTd2o84i5AvE1dt/NIyoMgH4PPt438F8Mu4syn1M/iwsRc1s/wtLdP2dje1JTkrdbbqfSDne0a6IBupf
                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Programs\Opera GX\106.0.4998.74\installer.exe
                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with very long lines (1824)
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):1344708
                                                                                                                                                                                  Entropy (8bit):6.081849998191263
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:
                                                                                                                                                                                  MD5:1FB07CF2B20D516ADC1067D9C4C57BB7
                                                                                                                                                                                  SHA1:DA0BFEB9A98B2FDAF422A1B52FFA33ECA0684EA1
                                                                                                                                                                                  SHA-256:294592F92BDDA407A531D81D64B7D141979F7B5B052370C1041430530DB7C481
                                                                                                                                                                                  SHA-512:F4B17E1E60281465A3288E5BDE7C537AC419236A72B680AD533E93CAE81DC8E12221339A737C27257B0A561192F655C70230D818EB0219CCB5E4641B5FF811D8
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                  Preview:{. "version": 32,. "partner_id": "std-1",. "user_agent": "std-1",. "search_engines": {. "location": {. "ad": {. "other": {. "list": [. "google_com",. "yahoo",. "duckduckgo",. "amazon",. "bing_attributed_ysrcunow",. "wiki". ],. "speed_dial_index_list": [0]. }. },. "al": {. "other": {. "list": [. "google_com",. "yahoo",. "duckduckgo",. "amazon",. "bing_attributed_ysrcunow",. "wiki". ],. "speed_dial_index_list": [0].
                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exe
                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):72163
                                                                                                                                                                                  Entropy (8bit):4.601891206052405
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:
                                                                                                                                                                                  MD5:9DA90B26455525B2331FB64ABD1B0D60
                                                                                                                                                                                  SHA1:592BB5CFCC9DF4126BEE2AC5464703D180789AC3
                                                                                                                                                                                  SHA-256:924BD0C85221070ADAA23138C911C55AB29D84279782FE937D1E70407CC22C66
                                                                                                                                                                                  SHA-512:D058B76007FD7568E23E351C96E8F34AF639D30DC0633052CBE8A094598E3F74D90E81DAE9EAA5AD96988F3CC2157A249927F0D015104666449C5D116E256CFF
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                  Preview:{. "daily_wallpapers_schedule": [. {. "wallpaper_id": "mods/kaandijoelepfajcbaglpnacgmebonpc/smart_wallpaper",. "start_date": "2023/9/4",. "end_date": "2023/9/5". },. {. "wallpaper_id": "mods/anlamljaonmlkmfaipamolamdpjobldl/smart_wallpaper",. "start_date": "2023/9/5",. "end_date": "2023/9/6". },. {. "wallpaper_id": "mods/eaahgnceaiheanheajmiojafolhdfbih/smart_wallpaper",. "start_date": "2023/9/6",. "end_date": "2023/9/7". },. {. "wallpaper_id": "mods/dafbhaiokkmgdlcpiblejdpgcnipgljh/smart_wallpaper",. "start_date": "2023/9/7",. "end_date": "2023/9/8". },. {. "wallpaper_id": "mods/jpghigceifbjmaommcoeheogkbphlanb/smart_wallpaper",. "start_date": "2023/9/8",. "end_date": "2023/9/9". },. {. "wallpaper_id": "mods/eggjmmfhnmejmopboifholjgiekialgf/smart_wallpaper",. "start_date": "2023/9/9",. "end_date": "2023/9/10". },. {. "wallpaper_id": "mods/naabgogikghh
                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exe
                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with very long lines (7765)
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):253313
                                                                                                                                                                                  Entropy (8bit):6.0358064565345195
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:
                                                                                                                                                                                  MD5:F7CD8DC38163562EA49E2190EE4240E3
                                                                                                                                                                                  SHA1:FD0D43180EBD0405D9CC8A1024096C0FB477B39C
                                                                                                                                                                                  SHA-256:6DA80D1F65E811B20085CA44CC94FA444BF40DAC4EFCED4203BE969EA1D81735
                                                                                                                                                                                  SHA-512:7BC999ED10DE759A75A1A3FC48784516343236402D662978EF591971419D05D74B6323505F0460607A2D295DD8AFB25284E34F54363B75D34DF57F0EE383EA01
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                  Preview:{. "version": 120,. "search_engines": {. "location": {. "ad": {. "other": {. "list": [. "google_com",. "yahoo",. "duckduckgo",. "amazon",. "bing_attributed",. "wiki". ],. "speed_dial_index_list": [0]. }. },. "al": {. "other": {. "list": [. "google_com",. "yahoo",. "duckduckgo",. "amazon",. "bing_attributed",. "wiki". ],. "speed_dial_index_list": [0]. }. },. "at": {. "other": {. "list": [.
                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exe
                                                                                                                                                                                  File Type:ASCII text, with very long lines (347)
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):801
                                                                                                                                                                                  Entropy (8bit):5.495629414250427
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:
                                                                                                                                                                                  MD5:4F98A7320537B24179D9860246E2D840
                                                                                                                                                                                  SHA1:B727FDB4D25AA07E02464EAB8DAAE4DC663ED298
                                                                                                                                                                                  SHA-256:574421B40CF123844F55A0A72AD5EC0BC9DEA3C8D823F8B7EC065D7B7C346175
                                                                                                                                                                                  SHA-512:3F6273688F25D375974A18E554339B7F3E2F0BCEE19F31E265DD6256C3514A23B4980D4F2182A69AD5ADA95A2CAD8F94AC04B510A26954392626EBD28F54E5B4
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                  Preview:{. "providers": [. {. "url": "https://cloudflare-dns.com/dns-query",. "ipv4": [. "1.1.1.1",. "1.0.0.1". ],. "ipv6": []. },. {. "url": "https://dns.google/dns-query",. "ipv4": [. "8.8.8.8",. "8.8.4.4". ],. "ipv6": []. },. {. "url": "https://dns.quad9.net/dns-query",. "ipv4": [. "9.9.9.9",. "149.112.112.112". ],. "ipv6": []. }. ].}
                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exe
                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with very long lines (347)
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):379486
                                                                                                                                                                                  Entropy (8bit):4.977729585377959
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:
                                                                                                                                                                                  MD5:980611397C2A8223B35B7034493DC6ED
                                                                                                                                                                                  SHA1:DC6651965B19CD98DBCCF2D47E5616AEF91D837F
                                                                                                                                                                                  SHA-256:3E9BB5F46CF23BA5A261B51A24D39D820CFBECD2C6C6F4AA84ED24DCE3BB2BBF
                                                                                                                                                                                  SHA-512:03E92FFC9166E3F852C94556B9EBF2EEBA2F5B9C72B7FB30FEEEBC41169F4E3777CCC6F2F2900AC50A28E9744C231B8BD792C01272E4F52F1BD07CDEFCF7DADC
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                  Preview:{. "*": {. "bookmarkbar": [],. "speeddials": [. {. "favicon_url": "https://sd-images.operacdn.com/api/v1/images/46b911f451044a30c1aa38f062e1a4939605f09b.png",. "name": "Twitch",. "partner_id": "gx_twitch",. "ping_url": "https://speeddials.opera.com/api/v2/ping/gx_twitch",. "position": 1,. "real_url": "https://www.twitch.tv/",. "replaceable": false,. "revision": "20190409",. "thumbnail_url": "https://sd-images.operacdn.com/api/v1/images/20586137116208fbaa36984a3165942edf7daea0.png",. "url": "https://www.twitch.tv/". },. {. "favicon_url": "https://s
                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exe
                                                                                                                                                                                  File Type:ASCII text, with very long lines (347)
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):134754
                                                                                                                                                                                  Entropy (8bit):3.912152746351969
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:
                                                                                                                                                                                  MD5:50B7EEA5800999F39B8C3D93AEBA6545
                                                                                                                                                                                  SHA1:781B66FE6B6548CF39522E3661BD6A9ADE39456F
                                                                                                                                                                                  SHA-256:239158E719514AC1205D1844643E24440D0833C0C7C64060AAFB6FE2378C63D4
                                                                                                                                                                                  SHA-512:192CEA97EAE5C5148D4D5C1AC818CCB9C75F12119446BD772A9BDFC07975739A66558B580BA5B29FF47275B60DE099C954E82B91CC34DB683C63ECB42C671052
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                  Preview:[. {. "partnerKey": "etsy.com",. "onfetch": "set-basket",. "urlMask": "^https:\\/\\/www\\.etsy\\.com\\/[a-z]{1,4}\\/cart\\/[0-9]+\\/review.*",. "recordSchema": {. "partner": [. {. "type": "value",. "value": "etsy.com". }. ],. "locationUrl": [. {. "type": "eval",. "value": "location.href". }. ],. "cartTotalValue": [. {. "type": "querySelector",. "value": ".order-total-cost .currency-value",. "property": "textContent",. "postprocess": "pricevalue". }. ],. "cartTotalValueCurrency": [.
                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exe
                                                                                                                                                                                  File Type:ASCII text, with very long lines (347)
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):16201
                                                                                                                                                                                  Entropy (8bit):4.098824428208723
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:
                                                                                                                                                                                  MD5:BBF46467CC831E6959702A6C6E61AE20
                                                                                                                                                                                  SHA1:87BF7D95BE0331121B98D9FA8E63236C8E7F317D
                                                                                                                                                                                  SHA-256:40773E83309FD180B277C4E79541F398D6DDC051A897933FE61442B199D31EB6
                                                                                                                                                                                  SHA-512:03A882849359D3ECF6191586AF8FEB2B7AEE968F6CBE117E96F5336ECD070E093E9A226F555B0CD53671EBFD9974FC50065018F879B18490AA24580AD95FE2C0
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                  Preview:{. "@version": "2.0",. "timestamp": "202312181455",. "firefox_ua": [. "youtubekids.com",. "techtitute.com". ],. "chrome_ua": [. "datadoghq-browser-agent.com",. "track.capitaloneshopping.com",. "cos-rd.com",. "cdn.capitaloneshopping.com",. "capitaloneshopping.com",. "api.capitaloneshopping.com",. "pixellu.com",. "amica.com",. "delta.com",. "whiteboard.office.com",. "school.novakidschool.com",. "demodesk.com",. "capcut.com",. "chromewebstore.google.com",. "bing.com",. "fio.cz",. "fio.pl",. "air
                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exe
                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with very long lines (5243)
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):46132
                                                                                                                                                                                  Entropy (8bit):5.476429533205484
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:
                                                                                                                                                                                  MD5:34CEDACC1C62313116216EA57A16683A
                                                                                                                                                                                  SHA1:D627058E97DCAD8F0A8737DFE2FFA195D868E5E7
                                                                                                                                                                                  SHA-256:F04CD2A8EC2686420E9A89C454C379C76B610BE2AD62E2F2F1A9641A9D9ED286
                                                                                                                                                                                  SHA-512:FA9947AEFFBB687B4D0D632323BAD68E5E93572398FBDD5A7665E1530F3327BFA4307C4AC8AC035E423A667C322FBBF98CCA4995AB9B8EFEBBED99761D753D18
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Reputation:unknown
Preview:{. "version": 1,. "should_reset_discarded_ids": false,. "de":. {. "keyword_groups": [. {. "ids": [. "booking",. "expedia_hotels",. "tripadvisor",. "hotels_com",. "tui". ],. "keywords": [. "achensee",. ".gypten",. "albuquerque",. "alf",. "allg.u",. "amalfik.ste",. "andalusien",. "antalya",. "antwerpen",. "argentinien",. "australien",. "azoren",. "bad kreuzn
                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exe
                                                                                                                                                                                  File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):575594
                                                                                                                                                                                  Entropy (8bit):7.997587858488024
                                                                                                                                                                                  Encrypted:true
                                                                                                                                                                                  SSDEEP:
                                                                                                                                                                                  MD5:8DB0209E463713D66AFEF101737C0563
                                                                                                                                                                                  SHA1:ED7633389CAFCD8A4FB18C40B39EC67F1C1D6D32
                                                                                                                                                                                  SHA-256:53E38D9406BBDE4D600D7E2888F389B9D3211688157B3B0BE8E60BD2826E2839
                                                                                                                                                                                  SHA-512:789742F61A55AFA748A02D51796E275FCBC132136655890E1DD87A17C37EB168A98E6511456A6747D6E2946074715F8B7F4B23632249071BD6FA5330213EBD93
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exe
                                                                                                                                                                                  File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):1369275
                                                                                                                                                                                  Entropy (8bit):7.990689177640962
                                                                                                                                                                                  Encrypted:true
                                                                                                                                                                                  SSDEEP:
                                                                                                                                                                                  MD5:4C617C16867B8AC373F1A869990F498E
                                                                                                                                                                                  SHA1:71BA19F7D40AA7BE1197C0E0D30177C390C0921E
                                                                                                                                                                                  SHA-256:A0B04A4C883A25FC434618151974B00597CACDFE766E2EE67E6AA1D2EB5D6D81
                                                                                                                                                                                  SHA-512:9975CE7FC5AC06F161C61F5F62108C04ECF56D9AE2C81108A1F99A285EAEEC5DA77E694027B22F2036B7DCFC053A1B836A90E45B325B4AD282DC2D99885EF667
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exe
                                                                                                                                                                                  File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):1490601
                                                                                                                                                                                  Entropy (8bit):7.991032980491148
                                                                                                                                                                                  Encrypted:true
                                                                                                                                                                                  SSDEEP:
                                                                                                                                                                                  MD5:81F209C261CA22CB919D77DD37136A92
                                                                                                                                                                                  SHA1:45646D906BB358D5E1C86A46492BD85D3E089E7A
                                                                                                                                                                                  SHA-256:4596B73D4901598F52BBEFBBEBACB70F2458AE8D690BC0B1BE53FCDE471DE072
                                                                                                                                                                                  SHA-512:362E2F7EFD01AAF4E3CEF39E5F99D1C50B30E9129E289C4C039A63295ED5F668E6E084325BED7D9D90E41AADD4ED51B6F610F21A095D25D39EFBBF929CCF5D31
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exe
                                                                                                                                                                                  File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):644311
                                                                                                                                                                                  Entropy (8bit):7.998698130487401
                                                                                                                                                                                  Encrypted:true
                                                                                                                                                                                  SSDEEP:
                                                                                                                                                                                  MD5:E1CD90FD73AF35BC5E37C08E570B1330
                                                                                                                                                                                  SHA1:FEDFD7D049104A321FC68D0B85EB0C534BBFC39E
                                                                                                                                                                                  SHA-256:57F26707CE39F684BBCC56C3522DBDAB8851C42878E2D6C3AE41C2FAC64AAF07
                                                                                                                                                                                  SHA-512:519ACDFE72BCF76405E92CD45728048C3840D6A4494A64B9855177C681A1D104EF09B3A12536ACE68567BC0DA1A2EDDFA24C94BD65E830705B99416D2FC416B2
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exe
                                                                                                                                                                                  File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):548237
                                                                                                                                                                                  Entropy (8bit):7.998514259135896
                                                                                                                                                                                  Encrypted:true
                                                                                                                                                                                  SSDEEP:
                                                                                                                                                                                  MD5:18E33CC30EEC9EE82FC709A057C96587
                                                                                                                                                                                  SHA1:4BE508E28CE39087B0E241B89135DA5FC1A5C07B
                                                                                                                                                                                  SHA-256:A2E8B98F32B559A9EB475FCB509DF0F49BB6BE86EFF46D226D2DA598E98A7267
                                                                                                                                                                                  SHA-512:B69AB5A40A85D588E7C36784D0AE33829EC3D75E9932717339FA7D9B64DABA257D2D6FD86CBC9EA6E4D1ABDC162E6B7354482AD82261674A0E7E55705AB407FD
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exe
                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):1064
                                                                                                                                                                                  Entropy (8bit):4.216969853800906
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:
                                                                                                                                                                                  MD5:19BEF2D091C16C4EE3F7B9D63A48EEC2
                                                                                                                                                                                  SHA1:E148797C1874D3DF0F9AADA3C217BAD86E07B49B
                                                                                                                                                                                  SHA-256:A31AEB78E781F22CEE4220D24B8D62AE139902E37804BC836EADD90264AEDBB9
                                                                                                                                                                                  SHA-512:A245BB9E697897239B449BBB35197E8033285BB7C9F101CFD8AE43FB434149102F28534C2C58D561341B72DDE90632FDAF5D73E5DECE5D453C221D67987302D0
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                  Preview:{."version": 7,."list": [. {. "urlMask": "https://meet.google.com/.*",. "width": 700,. "height": 450,. "blocked": [. "https://meet.google.com/",. "https://meet.google.com/about.*". ]. },. {. "urlMask": "https://whereby.com/.*",. "width": 700,. "height": 450,. "blocked": [. "https://whereby.com/",. "https://whereby.com/blog.*",. "https://whereby.com/information.*",. "https://whereby.com/sitemap.*",. "https://whereby.com/user.*". ]. },. {. "urlMask": "https://teams.live.com/_#/pre-join-calling/",. "width": 700,. "height": 450. },. {. "urlMask": "https://teams.microsoft.com/_#/pre-join-calling/",. "width": 700,. "height": 450. },. {. "urlMask": "https://meet.jit.si/.*",. "width": 700,. "height": 450,. "blocked": [. "https://meet.jit.si/",
                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exe
                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):730
                                                                                                                                                                                  Entropy (8bit):4.668284777150785
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:
                                                                                                                                                                                  MD5:3B491170F7EEA56B574A24876BF7451D
                                                                                                                                                                                  SHA1:C5CC1BE375BB413978752F0210CD0A76A415FAEB
                                                                                                                                                                                  SHA-256:D30B4A5E4B31A93F5EB6C20D94243839DFED71E69071683C6838B424CC2A071D
                                                                                                                                                                                  SHA-512:178AF7B1AD0A2ADC377B921C350BF877E4D82E561C2058B7DA66CBD6172681849E4ECA77DD2D385AB8309179B15C52B2522F181A5188A448478A09677F68C7AB
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                  Preview:Assets\150x150Logo.scale-100.png..Assets\150x150Logo.scale-100_contrast-white.png..Assets\150x150Logo.scale-140.png..Assets\150x150Logo.scale-140_contrast-white.png..Assets\150x150Logo.scale-180.png..Assets\150x150Logo.scale-180_contrast-white.png..Assets\150x150Logo.scale-80.png..Assets\150x150Logo.scale-80_contrast-white.png..Assets\70x70Logo.scale-100.png..Assets\70x70Logo.scale-100_contrast-white.png..Assets\70x70Logo.scale-140.png..Assets\70x70Logo.scale-140_contrast-white.png..Assets\70x70Logo.scale-180.png..Assets\70x70Logo.scale-180_contrast-white.png..Assets\70x70Logo.scale-80.png..Assets\70x70Logo.scale-80_contrast-white.png..Resources.pri..launcher.visualelementsmanifest.xml..opera.visualelementsmanifest.xml..
                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Programs\Opera GX\106.0.4998.74\installer.exe
                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):730
                                                                                                                                                                                  Entropy (8bit):4.668284777150785
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:
                                                                                                                                                                                  MD5:3B491170F7EEA56B574A24876BF7451D
                                                                                                                                                                                  SHA1:C5CC1BE375BB413978752F0210CD0A76A415FAEB
                                                                                                                                                                                  SHA-256:D30B4A5E4B31A93F5EB6C20D94243839DFED71E69071683C6838B424CC2A071D
                                                                                                                                                                                  SHA-512:178AF7B1AD0A2ADC377B921C350BF877E4D82E561C2058B7DA66CBD6172681849E4ECA77DD2D385AB8309179B15C52B2522F181A5188A448478A09677F68C7AB
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                  Preview:Assets\150x150Logo.scale-100.png..Assets\150x150Logo.scale-100_contrast-white.png..Assets\150x150Logo.scale-140.png..Assets\150x150Logo.scale-140_contrast-white.png..Assets\150x150Logo.scale-180.png..Assets\150x150Logo.scale-180_contrast-white.png..Assets\150x150Logo.scale-80.png..Assets\150x150Logo.scale-80_contrast-white.png..Assets\70x70Logo.scale-100.png..Assets\70x70Logo.scale-100_contrast-white.png..Assets\70x70Logo.scale-140.png..Assets\70x70Logo.scale-140_contrast-white.png..Assets\70x70Logo.scale-180.png..Assets\70x70Logo.scale-180_contrast-white.png..Assets\70x70Logo.scale-80.png..Assets\70x70Logo.scale-80_contrast-white.png..Resources.pri..launcher.visualelementsmanifest.xml..opera.visualelementsmanifest.xml..
                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exe
                                                                                                                                                                                  File Type:data
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):276794
                                                                                                                                                                                  Entropy (8bit):4.2227815588821205
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:
                                                                                                                                                                                  MD5:8CDBCD1261E7810C12D3A1A6313A05FF
                                                                                                                                                                                  SHA1:DD994DAC87A4A7C46462A4E8D1CF3BFE296E19FB
                                                                                                                                                                                  SHA-256:9AB00172AB59CC736732C80E48DEA43B523264ADAA4C7574FB28F40A700D07F7
                                                                                                                                                                                  SHA-512:CEE44A22B8D18042466DA276537BD438C4EC5B53AC43F372EB5A1B2FD53ECD71EE1B8ED98C36F4D7042C4F1B7270BF0E019066C32BD491877FCB55222B9859C0
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exe
                                                                                                                                                                                  File Type:data
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):642377
                                                                                                                                                                                  Entropy (8bit):5.199822406924661
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:
                                                                                                                                                                                  MD5:AA4CF0979D6B3C1AB5E8418260A443D3
                                                                                                                                                                                  SHA1:32E40181A1D8FA1AAEDCAC8D0C7C6A2879AF4B38
                                                                                                                                                                                  SHA-256:1D3C18289CCB3766C3736BF851B718C9BB1E2689433C362DE75F4CC05AB16EBF
                                                                                                                                                                                  SHA-512:42ADDD732FFFAC866A3BCA7D126E17F5F214813CCE0F46DA369E6D90D13F709E81E3B5899570DAFE5076AFE690BBA1429145C53ECF861BB319C4CA6155260AFD
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exe
                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):5098912
                                                                                                                                                                                  Entropy (8bit):6.3517420919227705
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:
                                                                                                                                                                                  MD5:2E0E9073992764EC88242B03F35F92AB
                                                                                                                                                                                  SHA1:F7ED1D75850B6457A15EC695BFD933E88B88A91F
                                                                                                                                                                                  SHA-256:9D3CBB1046FAEA6BD9B39C76A6A880DFCA54CADAB9B327ECAE1BAC579935830E
                                                                                                                                                                                  SHA-512:83AFD7CB83E3CC6A9B2504BF2A9966FDAABA192D1225439391455939FE57B2CD0F10B6A6C94DA391ECA044F7385BB3FC59076CBE753024A178CEE732262218B3
                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                  Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..d....e.........." ......=...........4......................................@O......cN...`A........................................`LI.....8lI.P.....N.......M..6....M..)....N..f...'I.8....................&I.(...@.=.@............pI.P............................text.....=.......=................. ..`.rdata........=.......=.............@..@.data...@....PJ......4J.............@....pdata...6....M..8....K.............@..@.00cfg..8....PN.......M.............@..@.gxfg....-...`N.......M.............@..@.retplne......N......0M..................tls....Y.....N......2M.............@..._RDATA..\.....N......4M.............@..@.rsrc.........N......6M.............@..@.reloc...f....N..h...<M.............@..B................................................................................................................................................................................
                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exe
                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):106
                                                                                                                                                                                  Entropy (8bit):4.724752649036734
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:
                                                                                                                                                                                  MD5:8642DD3A87E2DE6E991FAE08458E302B
                                                                                                                                                                                  SHA1:9C06735C31CEC00600FD763A92F8112D085BD12A
                                                                                                                                                                                  SHA-256:32D83FF113FEF532A9F97E0D2831F8656628AB1C99E9060F0332B1532839AFD9
                                                                                                                                                                                  SHA-512:F5D37D1B45B006161E4CEFEEBBA1E33AF879A3A51D16EE3FF8C3968C0C36BBAFAE379BF9124C13310B77774C9CBB4FA53114E83F5B48B5314132736E5BB4496F
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                  Preview:{"file_format_version": "1.0.0", "ICD": {"library_path": ".\\vk_swiftshader.dll", "api_version": "1.0.5"}}
                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exe
                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):949152
                                                                                                                                                                                  Entropy (8bit):6.60883074914281
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:
                                                                                                                                                                                  MD5:C5A6058DD459F37670162E0477B80BD9
                                                                                                                                                                                  SHA1:7C25DDCE6A595F1802ECD28E0E77ADE9834B0B18
                                                                                                                                                                                  SHA-256:83108768BE317BC1B92058C9F4F21B198591827D974306CAA95B348FD6525491
                                                                                                                                                                                  SHA-512:93EC32DE9BBF1E2D4EFB6F5B9D6327615BF09026A652FF4F3F6910D6CA0A7D67B4743EEC4C253EA4BC64314342E74125055A8BF24971BC7983BF9C49E31FC8D7
                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                  Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..d....e.........." .....~...........(..............................................m.....`A........................................x...<!......P................p...R...)......L...l...8...................P...(...@...@............................................text...{}.......~.................. ..`.rdata..............................@..@.data....M......."...z..............@....pdata...p.......r..................@..@.00cfg..8....`......................@..@.gxfg...P)...p...*..................@..@.retplne.............:...................tls.................<..............@..._RDATA..\............>..............@..@.rsrc................@..............@..@.reloc..L............D..............@..B................................................................................................................................................................................
                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exe
                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):1137056
                                                                                                                                                                                  Entropy (8bit):6.494678472095828
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:
                                                                                                                                                                                  MD5:4C2860302A7C4B6F63169C3A90375B5B
                                                                                                                                                                                  SHA1:C008226FCBFE686FBD59B90ACA13C1F0A9C5A7CA
                                                                                                                                                                                  SHA-256:5FE1088FA0657F6BC9E35451C797FA7A39B5E1F94FB69EED5065DAF855C6A3B9
                                                                                                                                                                                  SHA-512:5976C8E56D5D3801986F1BD3A6DD345A0E9488BDFEB093C484B51A6FD02627B5921859A212B1EE1BF95531F62D7249AB9D14FF677B762675EF5E7F43CF2F6E7D
                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                  Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..d....e.........." .........................................................P...........`A......................................................... .......0...x...0...)...0......l...8...................P...(...`2..@............................................text............................... ..`.rdata...b... ...d..................@..@.data................t..............@....pdata...x...0...z...l..............@..@.00cfg..0...........................@..@.gxfg....).......*..................@..@.retplne.................................tls................................@..._RDATA..\...........................@..@.rsrc........ ......................@..@.reloc.......0......................@..B................................................................................................................................................................................
                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exe
                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):617888
                                                                                                                                                                                  Entropy (8bit):6.225703892683239
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:
                                                                                                                                                                                  MD5:2E989F5ACDB006F93D49CA8E6C9FADE5
                                                                                                                                                                                  SHA1:319894B9B426F213250327AEF5FC71D951490C92
                                                                                                                                                                                  SHA-256:AF177D80E357F7B8502112F1D9AF118AC67EBE5221D169B555A8B41B0C430C7D
                                                                                                                                                                                  SHA-512:E3B851F3BA312E5328FD893D2A2B7A62AC28FBB5BDDF098CE3C013711D1B1937868A5AA94009AB6D3AFDD3F19941BCBBEFA0C030CEC06290E90AC30EB1E46B59
                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                  Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..d....e.........." .....,...........v.......................................0.......F....`A.........................................b.......c..d............`..tF...D...)... .......[..8....................Y..(....A..@............g...............................text....+.......,.................. ..`.rdata.......@.......0..............@..@.data...4f..........................@....pdata..tF...`...H..................@..@.00cfg..8...........................@..@.gxfg....$.......&..................@..@.retplne.............0...................tls....)............2..............@..._RDATA..\............4..............@..@.reloc....... .......6..............@..B........................................................................................................................................................................................................................
                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Programs\Opera GX\106.0.4998.74\installer.exe
                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):1624
                                                                                                                                                                                  Entropy (8bit):5.164279432109298
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:
                                                                                                                                                                                  MD5:25A1809B23BEA77A272906CB5AE61E00
                                                                                                                                                                                  SHA1:357D96603DB5F309803AC9B14E54C3BBA40EBE06
                                                                                                                                                                                  SHA-256:7BCFB6B7BC34DD71A2F6555347F28862E5A7C974D2C142D1AA8CE4C2412A9A4D
                                                                                                                                                                                  SHA-512:D00CC874DB2EAB2F1E99D668AF8BDE774B862484833CED617FEA2DB1246C470AED7C8156E761F9CC05F799E998A1BF9B316AE285523B520B35E0FA9ED7ECA595
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                  Preview:{"all-installer-experiments":["installer-experiment-test@2","installer-bypass-launcher@2"],"autoupdate":false,"browser_edition":"std-1","country":"US","enable_stats":true,"features-dna-requirements":{"818c3ef12d0b":{"forbidden":["5b3eb4a6c335a0659d16d1a189ca155e4441ea14"],"required":["64336fb81a04836eb8108d24fbca3aa3682db0a5"]}},"features-remote-flag":"13e025f64bd6:disabled,13eeaf851da7,15322f489976,1ad69b007ce5,1c4dddb65bac,1d24dceb937a,278deecb29a1,2c1429a5a72e,40db6e644d2c:disabled,50796754ffc7,5448a57d6689:disabled,54726ed4401e,56d717ae3ad6,5a28d66c82cd,603cade21cf7,654296fe9d6c,7e93fef4a11d,818c3ef12d0b,8511df77ed15,970fe421a344,9ec4e68ae70a:disabled,b2a2a32b832b,b7751444d14a,b9677b166709:disabled,c24103d5839f:disabled,c57119eb4723,c9a44eaecc11,cbc43aa3cfb6,ce1c7c17ef6e,d144067b33ec,e2c9ffba8439,e7de6afa38c4,f17eaee53639,f3834d6657d8,f77fe4682650,fc82980101cd","import_browser_data":false,"installer-experiments":[],"installer_id":"e716013c-b288-4db0-8980-2d60e36c69fd","language":"e
                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Programs\Opera GX\106.0.4998.74\installer.exe
                                                                                                                                                                                  File Type:PNG image data, 150 x 150, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):2181
                                                                                                                                                                                  Entropy (8bit):7.807674908350133
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:
                                                                                                                                                                                  MD5:B5A21B88B3D8A42DF265817EBEB742BB
                                                                                                                                                                                  SHA1:E0BE32B4FC158DB4E9783094CCE614922114B742
                                                                                                                                                                                  SHA-256:9635C074C9D8EDDE0BAF3111DBD7DB49CBDC370C4F729C80AC382949F32BE526
                                                                                                                                                                                  SHA-512:21ECE0DCF17B038400D09565438FCE8BE61746DAA0250F2FA9D0526BBA3D1CE6F8DA5CCE944EF8FA685C5EB6CF857B073D2A50ADA44A44A76D84813871FAA5D0
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Programs\Opera GX\106.0.4998.74\installer.exe
                                                                                                                                                                                  File Type:PNG image data, 150 x 150, 8-bit gray+alpha, non-interlaced
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):1828
                                                                                                                                                                                  Entropy (8bit):7.716814612583543
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:
                                                                                                                                                                                  MD5:0BAE0648C3E320C4D439F158B4FD5531
                                                                                                                                                                                  SHA1:4E860AE24F03522C89BDF37F3CCC10B54832861E
                                                                                                                                                                                  SHA-256:28CE8FCB22080CE1F69346CB0720BBE5662959E413426F00062B706013DA8C28
                                                                                                                                                                                  SHA-512:6A5E4105CCBE1664546798DB057B93622C9CBD6D5AF4967E6BE4E390A18FEC0FFCC807E3331F09ED0DE63ED85569BE7EC5EED5A7C663DF6CE4A5B70E09500371
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Programs\Opera GX\106.0.4998.74\installer.exe
                                                                                                                                                                                  File Type:PNG image data, 210 x 210, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):3140
                                                                                                                                                                                  Entropy (8bit):7.81304512495968
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:
                                                                                                                                                                                  MD5:7E529063A02E4E83736B0263CB1B82E0
                                                                                                                                                                                  SHA1:17A3C4B76962E90B1D2FA8A49441157949F4DC78
                                                                                                                                                                                  SHA-256:A36A13A5D5E3D39E3018CCC5F8859944C87256F8BE24A3C08A6BF3CB06A26804
                                                                                                                                                                                  SHA-512:571806725F83FECA90360B246D167A8857EDFD9EDC8DC0EF7EEEF80F291FD06088C405A5653513CB8AA309DF08CD609DF85A95E3379E3E5907566C876CA77CDE
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Programs\Opera GX\106.0.4998.74\installer.exe
                                                                                                                                                                                  File Type:PNG image data, 210 x 210, 8-bit gray+alpha, non-interlaced
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):2659
                                                                                                                                                                                  Entropy (8bit):7.828610258666657
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:
                                                                                                                                                                                  MD5:EBE7D27ED3B4CB6566A10165ABFAA941
                                                                                                                                                                                  SHA1:FDF7C27058CF5DAF7061756E938A33C1BBB26C3D
                                                                                                                                                                                  SHA-256:0BD63FE653885286E180FBDF6D1DADC66AF242B8ED6BD1D03D8C5ECCC20E91D7
                                                                                                                                                                                  SHA-512:50EC8592D78F00A6387F06E077E0DEF88DB26723C0FB8632C4EA06F2E09488DB0FB82E0EB1F03DA53F9C750F6CEBD29F7889B1DE342E4F0AE69F88C4B7B1425B
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Programs\Opera GX\106.0.4998.74\installer.exe
                                                                                                                                                                                  File Type:PNG image data, 270 x 270, 8-bit colormap, non-interlaced
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):3904
                                                                                                                                                                                  Entropy (8bit):7.301300867894784
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:
                                                                                                                                                                                  MD5:F332E088E89B88070EF1EFBECA5B90F8
                                                                                                                                                                                  SHA1:86129A8B1E2E7F78D6CE23C58A37FAC9DA5E566D
                                                                                                                                                                                  SHA-256:6A8F64754C75EDCC9ABC1138E44ACBD7064D7E8E2A28783939241DBD6AFA30A5
                                                                                                                                                                                  SHA-512:2314AAE692C024F914661E46CFD76531DA6C09B94C084FE915A0594625927DF30282D09518A950EAFCFDD2E499B1E4877CF3CDBF5509DE0CC756DADCDE43FD45
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Programs\Opera GX\106.0.4998.74\installer.exe
                                                                                                                                                                                  File Type:PNG image data, 270 x 270, 8-bit gray+alpha, non-interlaced
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):3673
                                                                                                                                                                                  Entropy (8bit):7.8322183683928195
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:
                                                                                                                                                                                  MD5:98B9F7A4F4322E7B46DE392FD20F66E5
                                                                                                                                                                                  SHA1:D009D227522206C40CF592E460C9642CD03B8769
                                                                                                                                                                                  SHA-256:A706B332E6A846357A86C30D0E8BB7697E7DD55C2AE592DD45611DDCE0C0BF14
                                                                                                                                                                                  SHA-512:3B3E5BAF3CFC57119E0812DE2816DF6C7DCB42E96C4891E47C4F32320FD3BE2F27A0118051A6651595BAAAA30069BB1C0D78AA701744A44534CABE7547D4BECD
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Programs\Opera GX\106.0.4998.74\installer.exe
                                                                                                                                                                                  File Type:PNG image data, 120 x 120, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):1723
                                                                                                                                                                                  Entropy (8bit):7.769427546963699
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:
                                                                                                                                                                                  MD5:1F2FB1BF463B2FF2BEC96784DEBFEF84
                                                                                                                                                                                  SHA1:AE6F721AD937FE39F86602F71002435B18BF1EDD
                                                                                                                                                                                  SHA-256:7E6B0D9EA7FDA1B5CA7A0B01290521DFF943DA4CBF1498412CA7D749DB42C32D
                                                                                                                                                                                  SHA-512:0C92C4F75E620D0B636CFD83E89C69A44F6A96A00006FBD0B13637BA5DCC77C9B302029E62F4B80766811F31810F9C20AC1A98B65C38789951CA0E19A5BB6894
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Programs\Opera GX\106.0.4998.74\installer.exe
                                                                                                                                                                                  File Type:PNG image data, 120 x 120, 8-bit gray+alpha, non-interlaced
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):1425
                                                                                                                                                                                  Entropy (8bit):7.721284228612739
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:
                                                                                                                                                                                  MD5:17471BB63ED62A6E545B6B626A763511
                                                                                                                                                                                  SHA1:586B9EFDE7B3A04580A49F8FE7739593D42D303E
                                                                                                                                                                                  SHA-256:DFD1054F989CDEE25F19EA792F363F042A125CAB537A424F0224BBEE13607E39
                                                                                                                                                                                  SHA-512:F619D963B62EDB07C8077C3C6AE60ED8D3F3DD5BB1D05A2B83DCA1A7A4A346598B055F6C7EA22E05BF281B1DE0F205F5D1054819000759D9450EE1FE8F6491AE
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Programs\Opera GX\106.0.4998.74\installer.exe
                                                                                                                                                                                  File Type:PNG image data, 70 x 70, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):1564
                                                                                                                                                                                  Entropy (8bit):7.78686155071436
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:
                                                                                                                                                                                  MD5:C3722E0232EC20AC8F99CCE7A040B294
                                                                                                                                                                                  SHA1:91CA47DA87EC045ED3EF5D97243167F08FB9E10B
                                                                                                                                                                                  SHA-256:A333D7E4293F5269426B3FCB673A284F3708A66F957DE62403B6570B24BAE8F5
                                                                                                                                                                                  SHA-512:71940B8431E36307BA5176939A169B9259BB6B43C32529A10A12C5EA31447BDDCCAD7EB9EF7CB309B175EE7BD56E70926BD5AA0855D0FD9497547ECD7FF93158
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Programs\Opera GX\106.0.4998.74\installer.exe
                                                                                                                                                                                  File Type:PNG image data, 70 x 70, 8-bit gray+alpha, non-interlaced
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):1341
                                                                                                                                                                                  Entropy (8bit):7.829707677562043
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:
                                                                                                                                                                                  MD5:504D80D276ADCC0163A8E4720013F9E7
                                                                                                                                                                                  SHA1:6D34A0593FFCE916CD19B66D61004FD7E7EB2CD1
                                                                                                                                                                                  SHA-256:EBBE0B4761EA8968A0A3FAFB383AC7AE175E98CD31A0F41BDF5FCB43469B58EC
                                                                                                                                                                                  SHA-512:9961259704FF97C0E1899A33259F62155B73264E272064F3FA90E64124513C7C8BD6AB69A39C1EFB271ECC2972AB8FD86FB836F22153A9BB35419C3816D11337
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Programs\Opera GX\106.0.4998.74\installer.exe
                                                                                                                                                                                  File Type:PNG image data, 98 x 98, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):2005
                                                                                                                                                                                  Entropy (8bit):7.837796638299837
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:
                                                                                                                                                                                  MD5:667BFBAAEB2D2B372B6E0D4BF4992CE4
                                                                                                                                                                                  SHA1:4C6C2E07183963F59391945FBEE077B55F8F6B2A
                                                                                                                                                                                  SHA-256:207519F1C7B6C7509BFEB7B55724997EEC6456C8BAF55E882E72FC5CD43DA221
                                                                                                                                                                                  SHA-512:AC63A3DD2F6088E7849E3824C35FD58CA78EC77DC31E1F6CBD47DE7CC394318CBA7D2309912206A94180267BE057C2AF5C835424019E2A03EE33A2AB801BA9A4
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Programs\Opera GX\106.0.4998.74\installer.exe
                                                                                                                                                                                  File Type:PNG image data, 98 x 98, 8-bit gray+alpha, non-interlaced
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):1697
                                                                                                                                                                                  Entropy (8bit):7.76630495035972
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:
                                                                                                                                                                                  MD5:93223E8777B581E988B703DF82593B17
                                                                                                                                                                                  SHA1:40A035464C27041CCC87C7935C45100D93D1C948
                                                                                                                                                                                  SHA-256:464AFAF960C32ABDC2C3937A48BF14C5D1A819B017E719FDED591D43A65D94C4
                                                                                                                                                                                  SHA-512:B8A3EE4A71E609625EAB51F0F6DAFCC82CC47BA2C567CC8BF73CF6423056F9171276289BFDCC8428B7C07645097664065EE9B0B78874425BFF800178222FED12
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Programs\Opera GX\106.0.4998.74\installer.exe
                                                                                                                                                                                  File Type:PNG image data, 126 x 126, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):2699
                                                                                                                                                                                  Entropy (8bit):7.8799233652993115
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:
                                                                                                                                                                                  MD5:704D0A2693B350E7C463B0FF2143835B
                                                                                                                                                                                  SHA1:0313AD4C3690A590AC54552D2C27806E73776600
                                                                                                                                                                                  SHA-256:D6367DBC074E37F3488C26B0BAD229BFE99F5C6BB0E28D37B41906C436152B57
                                                                                                                                                                                  SHA-512:4517B2FA911149885EC5549F3173D3C774716740826873E4B2199C804B17E776A5296565930E5ACDB8D5476710A391B21E6DA8941DF64C525A487DB4619A1EA7
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Programs\Opera GX\106.0.4998.74\installer.exe
                                                                                                                                                                                  File Type:PNG image data, 126 x 126, 8-bit gray+alpha, non-interlaced
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):2334
                                                                                                                                                                                  Entropy (8bit):7.8839656878677005
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:
                                                                                                                                                                                  MD5:39E2FCF13C20103C5F449C06D3A4CF75
                                                                                                                                                                                  SHA1:AE8E1BCE2BE17ED450D891864E6AA22642AF39AC
                                                                                                                                                                                  SHA-256:5D46E4056F3915C279F1FA9EDF61D93529FBCAE5C59D616380EC5D9405B7763D
                                                                                                                                                                                  SHA-512:8E4902262B064008804D49D1B5F27BB7B8F33ECEFB05181AA69534E1D21662719DD4F8E0677C58215F6C5CA9EB4FB92FCA54A89F9720230AFBF06A70216ABF26
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Programs\Opera GX\106.0.4998.74\installer.exe
                                                                                                                                                                                  File Type:PNG image data, 56 x 56, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):1096
                                                                                                                                                                                  Entropy (8bit):7.755097954664401
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:
                                                                                                                                                                                  MD5:32D3E390613CDDBD639E70DDB2511AC0
                                                                                                                                                                                  SHA1:C96AC088E72D756F31896B16776EF100379F802C
                                                                                                                                                                                  SHA-256:DC20E5AA2B500CD5B5C9F89647D3487810685C94268F22678E27820E2454BB3E
                                                                                                                                                                                  SHA-512:7381CEB8FEE84F398082177F30DC01593BEEFA729C73B0166AF686BCD25D54312B202D9243834B754769DE41E9A1DEED74CA91A76DCDA918A749CDB4F08C124B
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Programs\Opera GX\106.0.4998.74\installer.exe
                                                                                                                                                                                  File Type:PNG image data, 56 x 56, 8-bit gray+alpha, non-interlaced
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):901
                                                                                                                                                                                  Entropy (8bit):7.682141855410327
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:
                                                                                                                                                                                  MD5:E6ADD5AFC73F7B06FC2348550595F8D6
                                                                                                                                                                                  SHA1:4D658BDDB93FA6CB423EBC61BD20DB37E4D37DB6
                                                                                                                                                                                  SHA-256:DD6F46D32C3E235508F9E4C7D7F993BD807D955BCA7E63CF3D57C6C4C102F46D
                                                                                                                                                                                  SHA-512:55437DFEA7F68A4572DFC86B5428CBE9DB86C0D32D0B09BA6B7B1CF8E49E5F1BB94285BBDC97D8EE00D70BA75921DB59644787C1BE1672FE37CEE09441F249B6
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Programs\Opera GX\106.0.4998.74\installer.exe
                                                                                                                                                                                  File Type:data
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):3072
                                                                                                                                                                                  Entropy (8bit):3.118957212117411
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:
                                                                                                                                                                                  MD5:400817D0A91767CB830767AA94383F31
                                                                                                                                                                                  SHA1:73F36C895190223F94E4D52657F14454B2BCBA44
                                                                                                                                                                                  SHA-256:35D92C86C1C054D1C03F4E58B83681BBFD8573143EE5E4CFB4CBD788A1FFC107
                                                                                                                                                                                  SHA-512:2216DFC65E24961A18A4622FF6D8D8A1330283E64477A0E44BAC5B8F9A4CB5690FC90F598BBC152214EE6AA8770FE6608C4C809EC6F2CC73547D8166603B3E15
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                  Preview:mrm_pri0........ ...............[mrm_decn_info].............8...[mrm_pridescex].........8...H...[mrm_hschema] .................[mrm_res_map__].............@...[mrm_decn_info].........8.......................................................................................................................................................................................................................................W.H.I.T.E...8.0...1.8.0...1.4.0...1.0.0.............8...[mrm_pridescex].........H...........................................H...[mrm_hschema] ...................................U^........m.s.-.a.p.p.x.:././.O.p.e.r.a./...O.p.e.r.a.....................L.......................F...........A...........O...........1.../.......7...!...................................F.i.l.e.s...A.s.s.e.t.s...O.p.e.r.a.P.R.I.C.o.n.f.i.g...x.m.l...7.0.x.7.0.L.o.g.o...p.n.g...1.5.0.x.1.5.0.L.o.g.o...p.n.g..........................................[mrm_res_map__].........@.......,.......................
                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Programs\Opera GX\launcher.exe
                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                  Category:modified
                                                                                                                                                                                  Size (bytes):244
                                                                                                                                                                                  Entropy (8bit):5.162701289185902
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:
                                                                                                                                                                                  MD5:BFCA623C92BCD6C930F09BE6F6937DE9
                                                                                                                                                                                  SHA1:4CD607FE0DAEEA9DF3EBF207E1B35665042E1406
                                                                                                                                                                                  SHA-256:74AFACD9C01F21AC9F15FB1D4C922E7CF78D2C7EC4EDDE36AC940493ED3A1560
                                                                                                                                                                                  SHA-512:2F0457945A880195AC1567CF83336CF70D7C53D3260F034CCBC1494518AAAB477AF493959A7221785D4D7F2721454B3B4FE961B1C7DF9EA76FA12E0BC78B7B73
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                  Preview:[0206/153623.293:ERROR:check.cc(297)] Check failed: false. NOTREACHED log messages are omitted in official builds. Sorry!.[0206/153623.905:ERROR:check.cc(297)] Check failed: false. NOTREACHED log messages are omitted in official builds. Sorry!.
                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Programs\Opera GX\106.0.4998.74\installer.exe
                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):12333
                                                                                                                                                                                  Entropy (8bit):5.292895152240265
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:
                                                                                                                                                                                  MD5:AD5D0D16B556463231A87BF6E9E013FB
                                                                                                                                                                                  SHA1:278D236DFC374AD5C0EB46B5F8312D0D4E986B84
                                                                                                                                                                                  SHA-256:02C2F3873BFD3AD640DC0AFB56A4412FF11D264CDA8FDC0AA4EBF2688E4D8D7B
                                                                                                                                                                                  SHA-512:AD500AF3404DE8E89D6CD07B7A58DA12433DB965B627E76CB79AD72C21470EA863C0B5D3D38F95A73A236BBF96CD59C8A81F28D977B26243A4EFEAE0F5BEA70E
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                  Preview:{"_all_users":false,"_launch_from_install_dir":true,"_skip_launcher":false,"_subfolder":"106.0.4998.74","app_id":"1707230173","copy_only":false,"files":["106.0.4998.74.manifest","CUESDK.x64_2017.dll","MEIPreload\\manifest.json","MEIPreload\\preloaded_data.pb","d3dcompiler_47.dll","dxcompiler.dll","dxil.dll","headless_command_resources.pak","headless_lib_data.pak","headless_lib_strings.pak","icudtl.dat","installer.exe","libEGL.dll","libGLESv2.dll","localization\\bg.pak","localization\\bn.pak","localization\\ca.pak","localization\\cs.pak","localization\\da.pak","localization\\de.pak","localization\\el.pak","localization\\en-GB.pak","localization\\en-US.pak","localization\\es-419.pak","localization\\es.pak","localization\\fi.pak","localization\\fil.pak","localization\\fr.pak","localization\\hi.pak","localization\\hr.pak","localization\\hu.pak","localization\\id.pak","localization\\it.pak","localization\\ja.pak","localization\\ko.pak","localization\\lt.pak","localization\\lv.pak","localiza
                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Programs\Opera GX\106.0.4998.74\installer.exe
                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):1624
                                                                                                                                                                                  Entropy (8bit):5.164279432109298
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:
                                                                                                                                                                                  MD5:25A1809B23BEA77A272906CB5AE61E00
                                                                                                                                                                                  SHA1:357D96603DB5F309803AC9B14E54C3BBA40EBE06
                                                                                                                                                                                  SHA-256:7BCFB6B7BC34DD71A2F6555347F28862E5A7C974D2C142D1AA8CE4C2412A9A4D
                                                                                                                                                                                  SHA-512:D00CC874DB2EAB2F1E99D668AF8BDE774B862484833CED617FEA2DB1246C470AED7C8156E761F9CC05F799E998A1BF9B316AE285523B520B35E0FA9ED7ECA595
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                  Preview:{"all-installer-experiments":["installer-experiment-test@2","installer-bypass-launcher@2"],"autoupdate":false,"browser_edition":"std-1","country":"US","enable_stats":true,"features-dna-requirements":{"818c3ef12d0b":{"forbidden":["5b3eb4a6c335a0659d16d1a189ca155e4441ea14"],"required":["64336fb81a04836eb8108d24fbca3aa3682db0a5"]}},"features-remote-flag":"13e025f64bd6:disabled,13eeaf851da7,15322f489976,1ad69b007ce5,1c4dddb65bac,1d24dceb937a,278deecb29a1,2c1429a5a72e,40db6e644d2c:disabled,50796754ffc7,5448a57d6689:disabled,54726ed4401e,56d717ae3ad6,5a28d66c82cd,603cade21cf7,654296fe9d6c,7e93fef4a11d,818c3ef12d0b,8511df77ed15,970fe421a344,9ec4e68ae70a:disabled,b2a2a32b832b,b7751444d14a,b9677b166709:disabled,c24103d5839f:disabled,c57119eb4723,c9a44eaecc11,cbc43aa3cfb6,ce1c7c17ef6e,d144067b33ec,e2c9ffba8439,e7de6afa38c4,f17eaee53639,f3834d6657d8,f77fe4682650,fc82980101cd","import_browser_data":false,"installer-experiments":[],"installer_id":"e716013c-b288-4db0-8980-2d60e36c69fd","language":"e
                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Programs\Opera GX\106.0.4998.74\installer.exe
                                                                                                                                                                                  File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):2294176
                                                                                                                                                                                  Entropy (8bit):6.471339679882766
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:
                                                                                                                                                                                  MD5:C76F1E24C27D10347C3851ED2B7767C4
                                                                                                                                                                                  SHA1:42DF4C074792F81ACFD0487ED83BA42E69EA9122
                                                                                                                                                                                  SHA-256:85FCAFA1AFA1DF27CE6A79886FE1596BCA1BE5F4813808124C96EA088BAF11FE
                                                                                                                                                                                  SHA-512:2B3E8DF573381AA9482AB4B0347E716919A4AE03B1DA96F21C35B38E222A5EFD2F05C418B979614BD555693097CA15F0AB4BBA828BDA78FE9F90E7EB67917CB0
                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                  Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..d....e.........."............................@.............................@$.....!.#...`......................................... ...b.......h....@". ..... .,....."..)... $.\.......8.......................(....C..@............................................text............................... ..`.rdata..8....0......."..............@..@.data...............................@....pdata..,..... .....................@..@.00cfg..0.....!....... .............@..@.gxfg..../....!..0.... .............@..@.retplne......!....... ..................tls..........!....... .............@...LZMADEC......."....... ............. ..`_RDATA..\.... "....... .............@..@malloc_h.....0"....... ............. ..`.rsrc... ....@"....... .............@..@.reloc..\.... $.......".............@..B................................................................................................
                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Programs\Opera GX\106.0.4998.74\installer.exe
                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):317
                                                                                                                                                                                  Entropy (8bit):4.996593526126476
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:
                                                                                                                                                                                  MD5:E8D8EAA4C2826C083AB9243B5CBD7BF8
                                                                                                                                                                                  SHA1:534361AE03417DFD14EBD6F961B707C75A2AF41A
                                                                                                                                                                                  SHA-256:B3213B07F691C812425115428B9D6E0637D488159E0A1C160C8FA8F04DED11F6
                                                                                                                                                                                  SHA-512:8ECCD5EF54A73E915A39CDEF9768837DD16E49AE27A3AE6428FB346C9C838FD9DBEDC3F40A9094754C770CA2236A0D2DFDE37D22289218D862AF5E8BC15E85E5
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                  Preview:<Application xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">. <VisualElements. BackgroundColor="#06030D". ShowNameOnSquare150x150Logo="on". ForegroundText="light". Square150x150Logo="Assets\150x150Logo.png". Square70x70Logo="Assets\70x70Logo.png". />.</Application>
                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Programs\Opera GX\106.0.4998.74\installer.exe
                                                                                                                                                                                  File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):1466272
                                                                                                                                                                                  Entropy (8bit):6.40589832313238
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:
                                                                                                                                                                                  MD5:39DDB5A73323607B679EE5901EF4152E
                                                                                                                                                                                  SHA1:DB6E47C1C0A1BAB84F867A7B1E7B8C9B72894E39
                                                                                                                                                                                  SHA-256:9A3567A92EA07D08A3931E41E89F21C3A03569DC2AF97B79CC4F0108AF132F9E
                                                                                                                                                                                  SHA-512:26DDA00171DD0B00C045A099759F8029CD6BE03CD079B1C2ABB79A1FF89BB4A7C6C4B82152AD50F42EA9EA663AFF45B6CA1ED2E7DD5849380782665431439BFD
                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                  Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..d....e.........."......\...........d.........@.............................P.......^....`.........................................-P..k....P..P.......8........}...6...)...0.......:..8....................8..(...`...@............V......hG.......................text....[.......\.................. ..`.rdata.......p.......`..............@..@.data...............................@....pdata...}.......~..................@..@.00cfg..0.... .......X..............@..@.gxfg....*...0...,...Z..............@..@.retplne.....`...........................tls.........p......................@..._RDATA..\...........................@..@.rsrc...8...........................@..@.reloc.......0......................@..B................................................................................................................................................................................
                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Programs\Opera GX\106.0.4998.74\installer.exe
                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):317
                                                                                                                                                                                  Entropy (8bit):4.996593526126476
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:
                                                                                                                                                                                  MD5:E8D8EAA4C2826C083AB9243B5CBD7BF8
                                                                                                                                                                                  SHA1:534361AE03417DFD14EBD6F961B707C75A2AF41A
                                                                                                                                                                                  SHA-256:B3213B07F691C812425115428B9D6E0637D488159E0A1C160C8FA8F04DED11F6
                                                                                                                                                                                  SHA-512:8ECCD5EF54A73E915A39CDEF9768837DD16E49AE27A3AE6428FB346C9C838FD9DBEDC3F40A9094754C770CA2236A0D2DFDE37D22289218D862AF5E8BC15E85E5
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                  Preview:<Application xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">. <VisualElements. BackgroundColor="#06030D". ShowNameOnSquare150x150Logo="on". ForegroundText="light". Square150x150Logo="Assets\150x150Logo.png". Square70x70Logo="Assets\70x70Logo.png". />.</Application>
                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Programs\Opera GX\106.0.4998.74\installer.exe
                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):2
                                                                                                                                                                                  Entropy (8bit):1.0
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:
                                                                                                                                                                                  MD5:99914B932BD37A50B983C5E7C90AE93B
                                                                                                                                                                                  SHA1:BF21A9E8FBC5A3846FB05B4FA0859E0917B2202F
                                                                                                                                                                                  SHA-256:44136FA355B3678A1146AD16F7E8649E94FB4FC21FE77E8310C060F61CAAFF8A
                                                                                                                                                                                  SHA-512:27C74670ADB75075FAD058D5CEAF7B20C4E7786C83BAE8A32F626F9782AF34C9A33C2046EF60FD2A7878D378E29FEC851806BBD9A67878F3A9F1CDA4830763FD
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                  Preview:{}
                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Programs\Opera GX\106.0.4998.74\installer.exe
                                                                                                                                                                                  File Type:ASCII text, with very long lines (904), with no line terminators
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):904
                                                                                                                                                                                  Entropy (8bit):5.54153536328489
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:
                                                                                                                                                                                  MD5:9F424A76210BDEDF7D069698FADF9488
                                                                                                                                                                                  SHA1:29E846F1FD7A3FEA32EC907877E34C6E7B2FC658
                                                                                                                                                                                  SHA-256:46288F1102777C16146493B15C2529AD7EF22D3A786A313C8AB2D394F05BEE98
                                                                                                                                                                                  SHA-512:4EAE7F1A681D7C2A33911FAF10B26E6AC3CCD87988FCAAF3E1177364DA1BB3FE62DE68B62DE1197FD0A15C7697329E4E15D205921D01863047C0D7D09D1BBA2C
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Programs\Opera GX\launcher.exe
                                                                                                                                                                                  File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):6896544
                                                                                                                                                                                  Entropy (8bit):6.821344034536639
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:
                                                                                                                                                                                  MD5:38CA4FA9A427D35D0F3229E784ABACD8
                                                                                                                                                                                  SHA1:3585E728245C0CFB43B407A7EB12EE3D304E4FF4
                                                                                                                                                                                  SHA-256:97BAEAD81C48262E357C4F9699401793DB88535B482D086568C5C4677A3D5143
                                                                                                                                                                                  SHA-512:A13B0909EF72E03C8067F716ACBE97699B6BD05DA358852DD315FCD2317EC365154B7269D178A19E4BE01D4DDC6DDC319546F0F28287CB8480E2775EDFB98701
                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                  Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..d....e.........."...........d................@..............................i......ji...`.....................................................P.........b......;....i..)....i.$...L...8...................0...(.......@............................................text...k........................... ..`.rdata..Td.......f..................@..@.data...hJ....... ...f..............@....pdata...;.......<..................@..@.00cfg..8...........................@..@.gxfg...P&... ...(..................@..@.retplne.....P...........................tls.........`......................@..._RDATA..\....p......................@..@.rsrc.....b.......b.................@..@.reloc..$.....i.......i.............@..B................................................................................................................................................................................
                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exe
                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):384
                                                                                                                                                                                  Entropy (8bit):5.191463526678559
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:
                                                                                                                                                                                  MD5:59634B5660055879E18798A4E7C9BCD7
                                                                                                                                                                                  SHA1:3093B69AFE4E20143374EE98ADA895BED21965D2
                                                                                                                                                                                  SHA-256:021F7FD429B23A88B7EE94073E4C2E8F2BC2A8746DBC9F1C78D18DB35790C252
                                                                                                                                                                                  SHA-512:34D424DDA40C098B24F1E6D940BB4272058A315125EF582766B890F18674B5D0ED2632F7EA8BB2E4EA4A522EB2A606AA73BA6FFCC2BDF598FB9EA04D4F0FC57C
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                  Preview:{"welcome-url":"https://redir.opera.com/www.opera.com/gx/firstrun/?utm_campaign=PWN_RO_PB3_DD_3661&utm_content=3661_2577&utm_id=8e2c63d8ae754363947f5f12e2a46921&utm_medium=pa&utm_source=PWNgames&http_referrer=&query=/opera_gx/stable/edition/std-1?utm_source=PWNgames%26utm_medium=pa%26utm_campaign=PWN_RO_PB3_DD_3661%26utm_id=8e2c63d8ae754363947f5f12e2a46921%26utm_content=3661_2577"}
                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exe
                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):1168
                                                                                                                                                                                  Entropy (8bit):5.116011711617528
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:
                                                                                                                                                                                  MD5:499C1E6977607D5B1A14CED6287635FC
                                                                                                                                                                                  SHA1:1A752A4378E7EA6AA119F8206FD78300C5EA8C04
                                                                                                                                                                                  SHA-256:6D332EE186A9ADB90F03F4AA318215AF243BE9B9F742ECB0B6503BCC821B99E7
                                                                                                                                                                                  SHA-512:A766ED65688BA802957E411A8C9FF71504FBBBAD703A49D59BB795DEA84838951404FADA9DB5EAA354F8A348C3DA06057CC8814952BF48B0AB79DD358678E958
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                  Preview:{"country":"US","features-dna-requirements":{"818c3ef12d0b":{"forbidden":["5b3eb4a6c335a0659d16d1a189ca155e4441ea14"],"required":["64336fb81a04836eb8108d24fbca3aa3682db0a5"]}},"features-remote-flag":"13e025f64bd6:disabled,13eeaf851da7,15322f489976,1ad69b007ce5,1c4dddb65bac,1d24dceb937a,278deecb29a1,2c1429a5a72e,40db6e644d2c:disabled,50796754ffc7,5448a57d6689:disabled,54726ed4401e,56d717ae3ad6,5a28d66c82cd,603cade21cf7,654296fe9d6c,7e93fef4a11d,818c3ef12d0b,8511df77ed15,970fe421a344,9ec4e68ae70a:disabled,b2a2a32b832b,b7751444d14a,b9677b166709:disabled,c24103d5839f:disabled,c57119eb4723,c9a44eaecc11,cbc43aa3cfb6,ce1c7c17ef6e,d144067b33ec,e2c9ffba8439,e7de6afa38c4,f17eaee53639,f3834d6657d8,f77fe4682650,fc82980101cd","remote-features-guid":"fe2d2b1e-b1fb-460b-b93f-cacd7e2a9ee8","welcome-url":"https://redir.opera.com/www.opera.com/gx/firstrun/?utm_campaign=PWN_RO_PB3_DD_3661&utm_content=3661_2577&utm_id=8e2c63d8ae754363947f5f12e2a46921&utm_medium=pa&utm_source=PWNgames&http_referrer=&query=
                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exe
                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):399
                                                                                                                                                                                  Entropy (8bit):5.243697880772072
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:
                                                                                                                                                                                  MD5:BAFA9BEBBFBCD1F2838F1429C0464C2E
                                                                                                                                                                                  SHA1:547B4D4DACD15D0AEE85D689C45E5AB3E321A313
                                                                                                                                                                                  SHA-256:272B10B548667E2FDCE1738D030013FC86FD8E5B6EC533809D20FB82764F7A69
                                                                                                                                                                                  SHA-512:6A427B5315A782D6F260B41CFE2C56D739B7169034D9A220F115A24A2DBDEE2B2CAD65D846AFB7370DB73091DAE8D34C5F1673D38DE7D2A6D87B6886AEE4537B
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                  Preview:{"country":"US","welcome-url":"https://redir.opera.com/www.opera.com/gx/firstrun/?utm_campaign=PWN_RO_PB3_DD_3661&utm_content=3661_2577&utm_id=8e2c63d8ae754363947f5f12e2a46921&utm_medium=pa&utm_source=PWNgames&http_referrer=&query=/opera_gx/stable/edition/std-1?utm_source=PWNgames%26utm_medium=pa%26utm_campaign=PWN_RO_PB3_DD_3661%26utm_id=8e2c63d8ae754363947f5f12e2a46921%26utm_content=3661_2577"}
                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Programs\Opera GX\106.0.4998.74\installer.exe
                                                                                                                                                                                  File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive, ctime=Tue Feb 6 13:36:13 2024, mtime=Tue Feb 6 13:36:13 2024, atime=Mon Feb 5 15:20:19 2024, length=2294176, window=hide
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):1432
                                                                                                                                                                                  Entropy (8bit):4.906025769294294
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:
                                                                                                                                                                                  MD5:C4A5E7B5460224A70B5911F7F4689ECE
                                                                                                                                                                                  SHA1:D6D9A7DD43849A4D9AA59B339D6593E4012BAB92
                                                                                                                                                                                  SHA-256:D7D94428A29E9561071FA8F4893A209C28B366F457AA0616CCAD4B52A2F90A9B
                                                                                                                                                                                  SHA-512:3DF419212F11E82A94A66D270B84D20F06C9F806B9271C04F78400DBE136E1D8D4BD8096F9EA756E45BE1CB70C5704770AC008001D577396511D3B05612C7BBE
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                  Preview:L..................F.... ........Y..ln...Y..D.[6OX....#.....................(.:..DG..Yr?.D..U..k0.&...&......vk.v....|H?..Y.......Y......t...CFSF..1.....CW.^..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......CW.^FXXt...........................%..A.p.p.D.a.t.a...B.P.1.....FXZt..Local.<......CW.^FXZt....b.......................%.L.o.c.a.l.....Z.1.....FXht..Programs..B......FXZtFXht..............................P.r.o.g.r.a.m.s.....Z.1.....FX.t..OPERAG~1..B......FXhtFX.t....O.......................,.O.p.e.r.a. .G.X.....f.2...#.EX.. .launcher.exe..J......FX.tFX.t....xA.....................,..l.a.u.n.c.h.e.r...e.x.e.......j...............-.......i...........'.j......C:\Users\user\AppData\Local\Programs\Opera GX\launcher.exe..*.....\.....\.....\.....\.P.r.o.g.r.a.m.s.\.O.p.e.r.a. .G.X.\.l.a.u.n.c.h.e.r...e.x.e...C.:.\.U.s.e.r.s.\.j.o.n.e.s.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.P.r.o.g.r.a.m.s.\.O.p.e.r.a. .G.X.............:...........|....I.J.H..K..:...`.......X.......134349...........hT..CrF
                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exe
                                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):1499104
                                                                                                                                                                                  Entropy (8bit):7.985603261747699
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:
                                                                                                                                                                                  MD5:E9A2209B61F4BE34F25069A6E54AFFEA
                                                                                                                                                                                  SHA1:6368B0A81608C701B06B97AEFF194CE88FD0E3C0
                                                                                                                                                                                  SHA-256:E950F17F4181009EEAFA9F5306E8A9DFD26D88CA63B1838F44FF0EFC738E7D1F
                                                                                                                                                                                  SHA-512:59E46277CA79A43ED8B0A25B24EFF013E251A75F90587E013B9C12851E5DD7283B6172F7D48583982F6A32069457778EE440025C1C754BF7BB6CE8AE1D2C3FC5
                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                  Preview:MZ`.....................@...................................`...........!..L.!Require Windows..$PE..L...'..P.................(...F.......-.......@....@.................................7........................................b......................H................................................................@..d............................text....&.......(.................. ..`.rdata...5...@...6...*..............@..@.data....)...........`..............@....rsrc................h..............@..@........U..`.A.......S3.;.VWt.f9.b.A.t...`.A.P....P.|..Y.nj'.v....u..v..=.BA..6P......P....9^..].v8.^..3......hhDA.P..........P......P..pAA..E..E....;F.r......P.J|..Y.24..j...lAA...t$..D....3.9.H.A.t...@....9D$.t..t$.Ph.....5@.A....BA.3.....D$..`...|$..u..@.....3.....t$..D$..t$...`.A......t$...P.Q..%`.A...D$...V...t...P.Q...^...VW.|$.....t...W.P.....t...P.Q..>.._^....T$..L$....f..AABBf..u..L$.3.f9.t.@f.<A.u..S.\$.V..C;^.tLW3.j.Z...........Q.......3.9F.Y~.9F.~...f..Af..G@;F.|..6....
                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exe
                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with very long lines (1824)
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):1344708
                                                                                                                                                                                  Entropy (8bit):6.081849998191263
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:
                                                                                                                                                                                  MD5:1FB07CF2B20D516ADC1067D9C4C57BB7
                                                                                                                                                                                  SHA1:DA0BFEB9A98B2FDAF422A1B52FFA33ECA0684EA1
                                                                                                                                                                                  SHA-256:294592F92BDDA407A531D81D64B7D141979F7B5B052370C1041430530DB7C481
                                                                                                                                                                                  SHA-512:F4B17E1E60281465A3288E5BDE7C537AC419236A72B680AD533E93CAE81DC8E12221339A737C27257B0A561192F655C70230D818EB0219CCB5E4641B5FF811D8
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                  Preview:// DUwgkzpRs2UBZDQI77+cT3P6rFCB1A0dTs323s0P8VwKPNxJg7UC76QDbcCRMySUWu6oS1yzTCguRlUYTcidqpeZdtHOL09/z+luPzIHHqB/vQ9rnmKvNPJpGrBJkKfytTOuw9v8frDeZaeH6r4iB1b3IcxXDVBG/cZiVMvhj0/b9SbAbkgN94GUrDjIArHEo49eBMFcYKuLFjOUmbiRuESFn3Rlx1SFNsPk2GEohrRvsb3Fzh9UH6hwKFUEBxwUWIGMtPpf2rIDmUxAEUigjvrWMiGoDk4x5FdM+p5livY9OVeyVGtcfDm8zZJ3psJ6Uz8cqK1ZhYsebZFUup9rZA==.{. "version": 32,. "partner_id": "std-1",. "user_agent": "std-1",. "search_engines": {. "location": {. "ad": {. "other": {. "list": [. "google_com",. "yahoo",. "duckduckgo",. "amazon",. "bing_attributed_ysrcunow",. "wiki". ],. "speed_dial_index_list": [0]. }. },. "al": {. "other": {. "list": [. "google_com",. "yahoo",. "duckduckgo",. "amazon",. "bing_attributed_ysrcunow",. "wiki". ],. "speed_dial_index_list": [0].
                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exe
                                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):1499104
                                                                                                                                                                                  Entropy (8bit):7.985603261747699
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:
                                                                                                                                                                                  MD5:E9A2209B61F4BE34F25069A6E54AFFEA
                                                                                                                                                                                  SHA1:6368B0A81608C701B06B97AEFF194CE88FD0E3C0
                                                                                                                                                                                  SHA-256:E950F17F4181009EEAFA9F5306E8A9DFD26D88CA63B1838F44FF0EFC738E7D1F
                                                                                                                                                                                  SHA-512:59E46277CA79A43ED8B0A25B24EFF013E251A75F90587E013B9C12851E5DD7283B6172F7D48583982F6A32069457778EE440025C1C754BF7BB6CE8AE1D2C3FC5
                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202402061535141\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe
                                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):1853592
                                                                                                                                                                                  Entropy (8bit):6.818631706824549
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:
                                                                                                                                                                                  MD5:4C8FBED0044DA34AD25F781C3D117A66
                                                                                                                                                                                  SHA1:8DD93340E3D09DE993C3BC12DB82680A8E69D653
                                                                                                                                                                                  SHA-256:AFE569CE9E4F71C23BA5F6E8FD32BE62AC9538E397CDE8F2ECBE46FAA721242A
                                                                                                                                                                                  SHA-512:A04E6FD052D2D63A0737C83702C66A9AF834F9DF8423666508C42B3E1D8384300239C9DDACDC31C1E85140EB1193BCFAC209F218750B40342492FFCE6E9DA481
                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202402061535141\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe
                                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):3291288
                                                                                                                                                                                  Entropy (8bit):6.8236015092223115
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:
                                                                                                                                                                                  MD5:28A21AFB4BDC543B4B0309BB78B8BA4A
                                                                                                                                                                                  SHA1:AB6230C0E1C2C12FC5C9B7A60EA5ADEF99E7783B
                                                                                                                                                                                  SHA-256:672AEB85A07EC1A25DBCF48B64D3BDE24DD0691C2BB27ED74A536776F63B5D27
                                                                                                                                                                                  SHA-512:806A3466DD4DE9BFCA6B13C20E69985DECFB8FFE5A31F785D649DAB249064FC4EC1FBBA9DDAEFC634D6E7AA355FEF73F511357C748043E407F979B150C159CB7
                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202402061535141\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe
                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):61
                                                                                                                                                                                  Entropy (8bit):4.030896101301726
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:
                                                                                                                                                                                  MD5:2F070A8DDB1E4A5BC2137DBB2967E9A8
                                                                                                                                                                                  SHA1:F9F38DA409C2D4DFCE3471CF6621B7B81B797BF5
                                                                                                                                                                                  SHA-256:4C3722675F9E72C3ECE2A029DC8637CD8219CEB40B623D6DC75647314036AD3C
                                                                                                                                                                                  SHA-512:52FCB7870637F46D156D2F210E119A52B5B5226B9AEDE66ACF51160FBA45310D865DC4CCE1BD8A82156C414175DE49A5DCB527CF9F635F925D3C5603872CDD7C
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                  Preview:assistant_installer.exe..browser_assistant.exe..mojo_core.dll
                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202402061535141\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe
                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):990360
                                                                                                                                                                                  Entropy (8bit):6.751997627821156
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:
                                                                                                                                                                                  MD5:7913D58432695A0DD61EE6B472FBDE99
                                                                                                                                                                                  SHA1:2F29F0B689539C03F16C1DB7DEBD216F8D71A110
                                                                                                                                                                                  SHA-256:789E08420078F7EAFBE22A28CD657313829E52F9A5133FD20D894A0AADFC0CD1
                                                                                                                                                                                  SHA-512:ECD2D61ED30F455746E7A70D719C9A10C85C861753BBBF9E478F6B5C6790465B1BE6951594222C5B5F5F7471E0A54EFEC8F66247F817E7AD97BB4E5839CC4326
                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exe
                                                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):39
                                                                                                                                                                                  Entropy (8bit):3.830148693165749
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:
                                                                                                                                                                                  MD5:FE7F046D773FC1DE764E1BE70614BF20
                                                                                                                                                                                  SHA1:C2F16957953DEEB6DE1A12FA656AC84FCAA5B085
                                                                                                                                                                                  SHA-256:3D87AD3D7001FBE5D65682BF1111A73C4A1BA68B34C604C6BDE77C5DD8ADCC8E
                                                                                                                                                                                  SHA-512:405BC34A634007AF8159252D1E28AD3578BD6339C81B9DE97E022FD1420D0394488C09A36BD7E23BB38DF466AE2FA1B66420F97198DBD2099A161ABCDA121A03
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                  Preview:resources/custom_partner_content.json..
                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exe
                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):384
                                                                                                                                                                                  Entropy (8bit):5.191463526678559
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:
                                                                                                                                                                                  MD5:59634B5660055879E18798A4E7C9BCD7
                                                                                                                                                                                  SHA1:3093B69AFE4E20143374EE98ADA895BED21965D2
                                                                                                                                                                                  SHA-256:021F7FD429B23A88B7EE94073E4C2E8F2BC2A8746DBC9F1C78D18DB35790C252
                                                                                                                                                                                  SHA-512:34D424DDA40C098B24F1E6D940BB4272058A315125EF582766B890F18674B5D0ED2632F7EA8BB2E4EA4A522EB2A606AA73BA6FFCC2BDF598FB9EA04D4F0FC57C
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                  Preview:{"welcome-url":"https://redir.opera.com/www.opera.com/gx/firstrun/?utm_campaign=PWN_RO_PB3_DD_3661&utm_content=3661_2577&utm_id=8e2c63d8ae754363947f5f12e2a46921&utm_medium=pa&utm_source=PWNgames&http_referrer=&query=/opera_gx/stable/edition/std-1?utm_source=PWNgames%26utm_medium=pa%26utm_campaign=PWN_RO_PB3_DD_3661%26utm_id=8e2c63d8ae754363947f5f12e2a46921%26utm_content=3661_2577"}
                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exe
                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):1168
                                                                                                                                                                                  Entropy (8bit):5.116011711617528
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:
                                                                                                                                                                                  MD5:499C1E6977607D5B1A14CED6287635FC
                                                                                                                                                                                  SHA1:1A752A4378E7EA6AA119F8206FD78300C5EA8C04
                                                                                                                                                                                  SHA-256:6D332EE186A9ADB90F03F4AA318215AF243BE9B9F742ECB0B6503BCC821B99E7
                                                                                                                                                                                  SHA-512:A766ED65688BA802957E411A8C9FF71504FBBBAD703A49D59BB795DEA84838951404FADA9DB5EAA354F8A348C3DA06057CC8814952BF48B0AB79DD358678E958
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                  Preview:{"country":"US","features-dna-requirements":{"818c3ef12d0b":{"forbidden":["5b3eb4a6c335a0659d16d1a189ca155e4441ea14"],"required":["64336fb81a04836eb8108d24fbca3aa3682db0a5"]}},"features-remote-flag":"13e025f64bd6:disabled,13eeaf851da7,15322f489976,1ad69b007ce5,1c4dddb65bac,1d24dceb937a,278deecb29a1,2c1429a5a72e,40db6e644d2c:disabled,50796754ffc7,5448a57d6689:disabled,54726ed4401e,56d717ae3ad6,5a28d66c82cd,603cade21cf7,654296fe9d6c,7e93fef4a11d,818c3ef12d0b,8511df77ed15,970fe421a344,9ec4e68ae70a:disabled,b2a2a32b832b,b7751444d14a,b9677b166709:disabled,c24103d5839f:disabled,c57119eb4723,c9a44eaecc11,cbc43aa3cfb6,ce1c7c17ef6e,d144067b33ec,e2c9ffba8439,e7de6afa38c4,f17eaee53639,f3834d6657d8,f77fe4682650,fc82980101cd","remote-features-guid":"fe2d2b1e-b1fb-460b-b93f-cacd7e2a9ee8","welcome-url":"https://redir.opera.com/www.opera.com/gx/firstrun/?utm_campaign=PWN_RO_PB3_DD_3661&utm_content=3661_2577&utm_id=8e2c63d8ae754363947f5f12e2a46921&utm_medium=pa&utm_source=PWNgames&http_referrer=&query=
                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exe
                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):384
                                                                                                                                                                                  Entropy (8bit):5.191463526678559
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:
                                                                                                                                                                                  MD5:59634B5660055879E18798A4E7C9BCD7
                                                                                                                                                                                  SHA1:3093B69AFE4E20143374EE98ADA895BED21965D2
                                                                                                                                                                                  SHA-256:021F7FD429B23A88B7EE94073E4C2E8F2BC2A8746DBC9F1C78D18DB35790C252
                                                                                                                                                                                  SHA-512:34D424DDA40C098B24F1E6D940BB4272058A315125EF582766B890F18674B5D0ED2632F7EA8BB2E4EA4A522EB2A606AA73BA6FFCC2BDF598FB9EA04D4F0FC57C
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                  Preview:{"welcome-url":"https://redir.opera.com/www.opera.com/gx/firstrun/?utm_campaign=PWN_RO_PB3_DD_3661&utm_content=3661_2577&utm_id=8e2c63d8ae754363947f5f12e2a46921&utm_medium=pa&utm_source=PWNgames&http_referrer=&query=/opera_gx/stable/edition/std-1?utm_source=PWNgames%26utm_medium=pa%26utm_campaign=PWN_RO_PB3_DD_3661%26utm_id=8e2c63d8ae754363947f5f12e2a46921%26utm_content=3661_2577"}
                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exe
                                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):139990888
                                                                                                                                                                                  Entropy (8bit):7.999994927046636
                                                                                                                                                                                  Encrypted:true
                                                                                                                                                                                  SSDEEP:
                                                                                                                                                                                  MD5:D9A07B746D1C7BBE738964B4F727AC27
                                                                                                                                                                                  SHA1:01224816F2F34ECE24728D7DE552BCF76B647C6F
                                                                                                                                                                                  SHA-256:36015707ABD77EB3487FBF6B83D0ACB980C37B8B0676CDB654C89A35B8651EFE
                                                                                                                                                                                  SHA-512:7A057FDA77EE1613B77BF584BFD1EA539707C2BCE71AB7D647382BF4A0F97D4839C51EF8AEFDE9DEAEA91CE7060C983688AA4C1A24F923112A6D7DEFF179C809
                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exe
                                                                                                                                                                                  File Type:JSON data
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):2
                                                                                                                                                                                  Entropy (8bit):1.0
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:
                                                                                                                                                                                  MD5:99914B932BD37A50B983C5E7C90AE93B
                                                                                                                                                                                  SHA1:BF21A9E8FBC5A3846FB05B4FA0859E0917B2202F
                                                                                                                                                                                  SHA-256:44136FA355B3678A1146AD16F7E8649E94FB4FC21FE77E8310C060F61CAAFF8A
                                                                                                                                                                                  SHA-512:27C74670ADB75075FAD058D5CEAF7B20C4E7786C83BAE8A32F626F9782AF34C9A33C2046EF60FD2A7878D378E29FEC851806BBD9A67878F3A9F1CDA4830763FD
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                  Preview:{}
                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exe
                                                                                                                                                                                  File Type:Unicode text, UTF-8 text, with very long lines (1824)
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):1344708
                                                                                                                                                                                  Entropy (8bit):6.081849998191263
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:
                                                                                                                                                                                  MD5:1FB07CF2B20D516ADC1067D9C4C57BB7
                                                                                                                                                                                  SHA1:DA0BFEB9A98B2FDAF422A1B52FFA33ECA0684EA1
                                                                                                                                                                                  SHA-256:294592F92BDDA407A531D81D64B7D141979F7B5B052370C1041430530DB7C481
                                                                                                                                                                                  SHA-512:F4B17E1E60281465A3288E5BDE7C537AC419236A72B680AD533E93CAE81DC8E12221339A737C27257B0A561192F655C70230D818EB0219CCB5E4641B5FF811D8
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                  Preview:// DUwgkzpRs2UBZDQI77+cT3P6rFCB1A0dTs323s0P8VwKPNxJg7UC76QDbcCRMySUWu6oS1yzTCguRlUYTcidqpeZdtHOL09/z+luPzIHHqB/vQ9rnmKvNPJpGrBJkKfytTOuw9v8frDeZaeH6r4iB1b3IcxXDVBG/cZiVMvhj0/b9SbAbkgN94GUrDjIArHEo49eBMFcYKuLFjOUmbiRuESFn3Rlx1SFNsPk2GEohrRvsb3Fzh9UH6hwKFUEBxwUWIGMtPpf2rIDmUxAEUigjvrWMiGoDk4x5FdM+p5livY9OVeyVGtcfDm8zZJ3psJ6Uz8cqK1ZhYsebZFUup9rZA==.{. "version": 32,. "partner_id": "std-1",. "user_agent": "std-1",. "search_engines": {. "location": {. "ad": {. "other": {. "list": [. "google_com",. "yahoo",. "duckduckgo",. "amazon",. "bing_attributed_ysrcunow",. "wiki". ],. "speed_dial_index_list": [0]. }. },. "al": {. "other": {. "list": [. "google_com",. "yahoo",. "duckduckgo",. "amazon",. "bing_attributed_ysrcunow",. "wiki". ],. "speed_dial_index_list": [0].
                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exe
                                                                                                                                                                                  File Type:ASCII text, with very long lines (904), with no line terminators
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):904
                                                                                                                                                                                  Entropy (8bit):5.54153536328489
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:
                                                                                                                                                                                  MD5:9F424A76210BDEDF7D069698FADF9488
                                                                                                                                                                                  SHA1:29E846F1FD7A3FEA32EC907877E34C6E7B2FC658
                                                                                                                                                                                  SHA-256:46288F1102777C16146493B15C2529AD7EF22D3A786A313C8AB2D394F05BEE98
                                                                                                                                                                                  SHA-512:4EAE7F1A681D7C2A33911FAF10B26E6AC3CCD87988FCAAF3E1177364DA1BB3FE62DE68B62DE1197FD0A15C7697329E4E15D205921D01863047C0D7D09D1BBA2C
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exe
                                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):3355816
                                                                                                                                                                                  Entropy (8bit):7.7768157039053945
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:
                                                                                                                                                                                  MD5:CFCF91EF96623A139475B53B686229DC
                                                                                                                                                                                  SHA1:D38D63B2B59C8A0A035B5E6BE792045B9F643E6C
                                                                                                                                                                                  SHA-256:BFD52C7C2ECA1BB09D745582455A7D9DB13E85CCFE47B35E7BFD549DF70C8EA0
                                                                                                                                                                                  SHA-512:28354E842D3DFD7B32B6301122070FFD78ADFFE5EBB7F98FA2113FF971E98B7444454DD0EAC4A0AFFE814FBD53C7CE30B6B54CE5A3E2C5EF0A8995E3A92A0D8B
                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exe
                                                                                                                                                                                  File Type:ASCII text, with very long lines (1829)
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):9778
                                                                                                                                                                                  Entropy (8bit):5.80193453751985
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:
                                                                                                                                                                                  MD5:776A89A4AE5E877E188AB4DD22DC5278
                                                                                                                                                                                  SHA1:B0273473763D41BB079CA921FD8C8B9C9EA14A85
                                                                                                                                                                                  SHA-256:37226A5DEE2F505FA84C019EDAFC3A1E65A65150F043741D28E310C95781598B
                                                                                                                                                                                  SHA-512:B9C357B4EB3AF629493ED1BA4D5FB8F8376EB0BAF5E1D073908F5F54A5CF2C15A688581651230054DB7B0D46D813D39B6545F4D467E886951DF04961C6128D1B
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                  Preview:[0206/153513.538:INFO:installer_main.cc(453)] Opera GX installer starting - version 106.0.4998.74 Stable.[0206/153513.538:INFO:installer_main.cc(456)] Command line: "C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exe" --silent --allusers=0.[0206/153513.538:INFO:installer_main.cc(478)] Uninstall:0.[0206/153513.538:INFO:installer_main.cc(479)] Silent:1.[0206/153513.538:INFO:installer_main.cc(480)] Run Immediately0.[0206/153513.538:INFO:installer_main.cc(482)] Backend0.[0206/153513.538:INFO:installer_main.cc(483)] Inside package0.[0206/153513.538:INFO:installer_main.cc(484)] Autoupdate:0.[0206/153513.538:INFO:payload_manager_impl.cc(97)] Reading Payload.[0206/153513.538:INFO:installer_main.cc(610)] Tracking data: NGFlMmI4ZGY1OTU2ZDBiODJhMDFhYzBlYzExNWUzN2QyZjhiM2FmZmFhMmUxMzkxZDRjYTEzMDRhODliMjVhNDp7ImNvdW50cnkiOiJVUyIsImVkaXRpb24iOiJzdGQtMSIsImluc3RhbGxlcl9uYW1lIjoiT3BlcmFHWFNldHVwLmV4ZSIsInByb2R1Y3QiOiJvcGVyYV9neCIsInF1ZXJ5IjoiL29wZXJhX2d4L3N0YWJsZS9lZGl0aW9uL3N0ZC0xP3V0bV9zb3VyY2U9
                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exe
                                                                                                                                                                                  File Type:ASCII text, with very long lines (1839)
                                                                                                                                                                                  Category:modified
                                                                                                                                                                                  Size (bytes):6268
                                                                                                                                                                                  Entropy (8bit):5.842995726700576
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:
                                                                                                                                                                                  MD5:87613D802F4C2888A7370FEFB118E7E5
                                                                                                                                                                                  SHA1:19BE9E8C4C8348600079E6E880764E2C348CC041
                                                                                                                                                                                  SHA-256:5D28ED16C4A9F627A3E330E7375A91BA1284E3E2297A6A7C5DBA0062C063F330
                                                                                                                                                                                  SHA-512:95C90E557F959B7EA6F39DF15A35F694F60F6FD1C9E8B8E43976141AA0F05A7A7614DA31E902176E06D04AB44DB00B83229B8833DA6B0BD371E5A2E9287457FB
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                  Preview:[0206/153515.017:INFO:installer_main.cc(453)] Opera GX installer starting - version 106.0.4998.74 Stable.[0206/153515.017:INFO:installer_main.cc(456)] Command line: "C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exe" --backend --install --import-browser-data=0 --enable-stats=1 --enable-installer-stats=1 --consent-given=0 --general-interests=0 --general-location=0 --personalized-content=0 --personalized-ads=0 --launchopera=1 --installfolder="C:\Users\user\AppData\Local\Programs\Opera GX" --profile-folder --language=en-GB --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=1 --pintotaskbar=1 --pintostartmenu=1 --run-at-startup=1 --server-tracking-data=server_tracking_data --initial-pid=7664 --package-dir-prefix="C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_20240206153514" --session-guid=75a53667-4b95-44a9-92ea-4bfb86fd3244 --server-tracking-blob=MzkxOTZlNTA1MDhiZTNiZDVjZDA3YTZhNDU1ZWNiYmNiZDVjZmNmNDM1NWIyYzk2ZWVlZmZlYjNlMTFiNDI3OTp7ImNv
                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Programs\Opera GX\106.0.4998.74\installer.exe
                                                                                                                                                                                  File Type:ASCII text, with very long lines (1784)
                                                                                                                                                                                  Category:modified
                                                                                                                                                                                  Size (bytes):4229
                                                                                                                                                                                  Entropy (8bit):5.712565637488988
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:
                                                                                                                                                                                  MD5:46FFFB9A7E75711052DF09A8C8404F79
                                                                                                                                                                                  SHA1:F033444ABFA07498572F5FF71AA887722B2B3F93
                                                                                                                                                                                  SHA-256:1560CE3310145539BED00693DF50AF6277C0B90406400BD59384A34E7CF35DD6
                                                                                                                                                                                  SHA-512:6326AC4C929BED6DFB3779162320E8BB1BDF508DBF9A452CF88791AE4809BDBA45F6DD4DF6684DFFCE554E4025DE7EFF911171C9858121C8999ADFF37F79F617
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                  Preview:[0206/153613.326:INFO:installer_main.cc(453)] Opera GX installer starting - version 106.0.4998.74 Stable.[0206/153613.326:INFO:installer_main.cc(456)] Command line: "C:\Users\user\AppData\Local\Programs\Opera GX\106.0.4998.74\installer.exe" --backend --initial-pid=7664 --install --import-browser-data=0 --enable-stats=1 --enable-installer-stats=1 --consent-given=0 --general-interests=0 --general-location=0 --personalized-content=0 --personalized-ads=0 --launchopera=1 --installfolder="C:\Users\user\AppData\Local\Programs\Opera GX" --profile-folder --language=en-GB --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=1 --pintotaskbar=1 --pintostartmenu=1 --run-at-startup=1 --server-tracking-data=server_tracking_data --package-dir="C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202402061535141" --session-guid=75a53667-4b95-44a9-92ea-4bfb86fd3244 --server-tracking-blob=MzkxOTZlNTA1MDhiZTNiZDVjZDA3YTZhNDU1ZWNiYmNiZDVjZmNmNDM1NWIyYzk2ZWVlZmZlYjNlMT
                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exe
                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):5133216
                                                                                                                                                                                  Entropy (8bit):7.046050150197007
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:
                                                                                                                                                                                  MD5:951DDF15B2CEF4E1D927CB3B145254CF
                                                                                                                                                                                  SHA1:85C06B0AC6775CEE8E24BA7AC26483DBEF4E0129
                                                                                                                                                                                  SHA-256:85F48334461377FE5DBFDCB1AED408860450AD7C2ABF442B9B6248595FACF3C8
                                                                                                                                                                                  SHA-512:0F20AEB82A0ECBAD1820AF3CC700B245E4152D67989536FB44202787D5D2D5EEE4CD2190D2A2668DAB08C7DE3173D8439770507C491A563B28D4FA37B4F6AA10
                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                  Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....e.........."!....../.........`.........................................O......RO...@A........................*.6.m.....6......`9..............*N..)...PN.....L.6.......................6......H/...............6.D...8.6.`....................text...H,/......./................. ..`.rdata.......@/......2/.............@..@.data...8....`7..L...H7.............@....00cfg........9.......7.............@..@.rodata.X.... 9.......7............. ..`.tls....Y....09.......7.............@...CPADinfo0....@9.......7.............@...malloc_h.....P9.......7............. ..`.rsrc........`9.......7.............@..@.reloc.......PN.......L.............@..B........................................................................................................................................................................................................................................
                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\set_0.exe
                                                                                                                                                                                  File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):5133216
                                                                                                                                                                                  Entropy (8bit):7.046050150197007
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:
                                                                                                                                                                                  MD5:951DDF15B2CEF4E1D927CB3B145254CF
                                                                                                                                                                                  SHA1:85C06B0AC6775CEE8E24BA7AC26483DBEF4E0129
                                                                                                                                                                                  SHA-256:85F48334461377FE5DBFDCB1AED408860450AD7C2ABF442B9B6248595FACF3C8
                                                                                                                                                                                  SHA-512:0F20AEB82A0ECBAD1820AF3CC700B245E4152D67989536FB44202787D5D2D5EEE4CD2190D2A2668DAB08C7DE3173D8439770507C491A563B28D4FA37B4F6AA10
                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                  Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....e.........."!....../.........`.........................................O......RO...@A........................*.6.m.....6......`9..............*N..)...PN.....L.6.......................6......H/...............6.D...8.6.`....................text...H,/......./................. ..`.rdata.......@/......2/.............@..@.data...8....`7..L...H7.............@....00cfg........9.......7.............@..@.rodata.X.... 9.......7............. ..`.tls....Y....09.......7.............@...CPADinfo0....@9.......7.............@...malloc_h.....P9.......7............. ..`.rsrc........`9.......7.............@..@.reloc.......PN.......L.............@..B........................................................................................................................................................................................................................................
                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Programs\Opera GX\106.0.4998.74\installer.exe
                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):6285216
                                                                                                                                                                                  Entropy (8bit):6.829354515973936
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:
                                                                                                                                                                                  MD5:55948249F63DBBF1F2023D4651BC35F3
                                                                                                                                                                                  SHA1:70AD20581B588F6C8B1A1D966D0B03F0F4785DF6
                                                                                                                                                                                  SHA-256:4F3E585E75BFCA91462C42C5343ED1B0CD44FBBE9E5AB7D9005745FF441F1DD2
                                                                                                                                                                                  SHA-512:805AC1046CC96E15935D2CE1A7BCBB1186F4B65E75CAB0BA782484EB0E1AEE97CCE4BDCDF80DBA633B83F7C43699852547611ADB8B72411E37522B7B525095D0
                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                  Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..d....e.........." .....>>..d!...............................................a.......`...`A.........................................nF.m....nF......`L.......I.4....._..)...Pa..5..,5F.8....................4F.(...0j>.@........... .F..... mF.`....................text....<>......>>................. ..`.rdata...D...P>..F...B>.............@..@.data....2....G.......G.............@....pdata..4.....I.......H.............@..@.00cfg..0.....K......BJ.............@..@.gxfg....3....K..4...DJ.............@..@.retplne......K......xJ..................rodata.X.....K......zJ............. ..`.tls....i.....L......|J.............@...CPADinfo@.....L.......J.............@...LZMADEC...... L.......J............. ..`_RDATA..\....@L.......J.............@..@malloc_h.....PL.......J............. ..`.rsrc........`L.......J.............@..@.reloc...5...Pa..6...._.............@..B................
                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\.opera\BDDCE5348F09\installer.exe
                                                                                                                                                                                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):6285216
                                                                                                                                                                                  Entropy (8bit):6.829354515973936
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:
                                                                                                                                                                                  MD5:55948249F63DBBF1F2023D4651BC35F3
                                                                                                                                                                                  SHA1:70AD20581B588F6C8B1A1D966D0B03F0F4785DF6
                                                                                                                                                                                  SHA-256:4F3E585E75BFCA91462C42C5343ED1B0CD44FBBE9E5AB7D9005745FF441F1DD2
                                                                                                                                                                                  SHA-512:805AC1046CC96E15935D2CE1A7BCBB1186F4B65E75CAB0BA782484EB0E1AEE97CCE4BDCDF80DBA633B83F7C43699852547611ADB8B72411E37522B7B525095D0
                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                  Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..d....e.........." .....>>..d!...............................................a.......`...`A.........................................nF.m....nF......`L.......I.4....._..)...Pa..5..,5F.8....................4F.(...0j>.@........... .F..... mF.`....................text....<>......>>................. ..`.rdata...D...P>..F...B>.............@..@.data....2....G.......G.............@....pdata..4.....I.......H.............@..@.00cfg..0.....K......BJ.............@..@.gxfg....3....K..4...DJ.............@..@.retplne......K......xJ..................rodata.X.....K......zJ............. ..`.tls....i.....L......|J.............@...CPADinfo@.....L.......J.............@...LZMADEC...... L.......J............. ..`_RDATA..\....@L.......J.............@..@malloc_h.....PL.......J............. ..`.rsrc........`L.......J.............@..@.reloc...5...Pa..6...._.............@..B................
                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202402061535141\assistant\assistant_installer.exe
                                                                                                                                                                                  File Type:ASCII text
                                                                                                                                                                                  Category:modified
                                                                                                                                                                                  Size (bytes):243
                                                                                                                                                                                  Entropy (8bit):5.043835635290685
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:
                                                                                                                                                                                  MD5:229EAD8814748CB6ED74A57422170CEA
                                                                                                                                                                                  SHA1:C9299DB68217824D9CB7F3F80841097A337106AA
                                                                                                                                                                                  SHA-256:1BFE81EF65897C6FEC57EA55D2B5110B20EFD55F8C9F4ABE4CC031187C33734D
                                                                                                                                                                                  SHA-512:CA62018E71CAEDC0917B77CBC95E3894C0227CEC72294D62F40A8CA0C21337BA5CABDB988861D4F6B7EB83D8AF1DBA4583FFF7CAAFE8D9AA06E4532ACE658281
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                  Preview:[0206/153537.577:INFO:assistant_installer_main.cc(169)] Running assistant installer with command line "C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202402061535141\assistant\assistant_installer.exe" --version.
                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-G41TD.tmp\quTbWcnSay.tmp
                                                                                                                                                                                  File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):6144
                                                                                                                                                                                  Entropy (8bit):4.720366600008286
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:
                                                                                                                                                                                  MD5:E4211D6D009757C078A9FAC7FF4F03D4
                                                                                                                                                                                  SHA1:019CD56BA687D39D12D4B13991C9A42EA6BA03DA
                                                                                                                                                                                  SHA-256:388A796580234EFC95F3B1C70AD4CB44BFDDC7BA0F9203BF4902B9929B136F95
                                                                                                                                                                                  SHA-512:17257F15D843E88BB78ADCFB48184B8CE22109CC2C99E709432728A392AFAE7B808ED32289BA397207172DE990A354F15C2459B6797317DA8EA18B040C85787E
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Antivirus:
                                                                                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......^...............l...............=\......=\......=\......Rich............................PE..d.....R..........#............................@.............................`.......,......................................................<!.......P..H....@..0.................................................................... ...............................text............................... ..`.rdata..|.... ......................@..@.data...,....0......................@....pdata..0....@......................@..@.rsrc...H....P......................@..@................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-G41TD.tmp\quTbWcnSay.tmp
                                                                                                                                                                                  File Type:ASCII text, with no line terminators
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):184
                                                                                                                                                                                  Entropy (8bit):5.519456370129206
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:
                                                                                                                                                                                  MD5:4B0B5586ACE3FA10002CCF11C5999E65
                                                                                                                                                                                  SHA1:937F74BCE6E61540EAD8AE86B1CABC7EBA433461
                                                                                                                                                                                  SHA-256:CA64A93AB1F6F9D2F5CC8E90F8EF911E5E5AC1124359F48743A1E0962F1C4B20
                                                                                                                                                                                  SHA-512:EB932DE2685A7B8894FDAF64E5198EFF889E0DF095F6ED7565B870AC798EB4FF7CC2F607DCFBA37566997FE0209D3C109053B99154F12A2E4060DBC933F53172
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                  Preview:http://guideveil.xyz/pe/build.php?pe=n&sub=2577&source=3876&s1=48352771&title=QWR2YW5jZWQgU3lzdGVtIFJlcGFpciBQcm8gMjAwMiAgUG9ydGFibGUgIE9wdGltaXphdGlvbiAgU0Nsb3VkV1MuZXhl&ti=1707230097
                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-G41TD.tmp\quTbWcnSay.tmp
                                                                                                                                                                                  File Type:ASCII text, with no line terminators
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):2
                                                                                                                                                                                  Entropy (8bit):1.0
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:
                                                                                                                                                                                  MD5:444BCB3A3FCF8389296C49467F27E1D6
                                                                                                                                                                                  SHA1:7A85F4764BBD6DAF1C3545EFBBF0F279A6DC0BEB
                                                                                                                                                                                  SHA-256:2689367B205C16CE32ED4200942B8B8B1E262DFC70D9BC9FBC77C49699A4F1DF
                                                                                                                                                                                  SHA-512:9FBBBB5A0F329F9782E2356FA41D89CF9B3694327C1A934D6AF2A9DF2D7F936CE83717FB513196A4CE5548471708CD7134C2AE99B3C357BCABB2EAFC7B9B7570
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                  Preview:ok
                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-G41TD.tmp\quTbWcnSay.tmp
                                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):63465
                                                                                                                                                                                  Entropy (8bit):6.933512065672094
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:
                                                                                                                                                                                  MD5:EEF52E934EAB9C6525F0161255235FEF
                                                                                                                                                                                  SHA1:67B6D6C3B2B5967C98F81F7C1BFC785B23BE8F19
                                                                                                                                                                                  SHA-256:7CC2A96601BEB84CAABF0BB2C62D743678A6C6934BCECD21862B5D64C2E00920
                                                                                                                                                                                  SHA-512:A4B1FEB035C4B518CD9D8D703D0B96D19B730427F7230D93FD20C7FBBCEFD4BEEC61955DE49EA73C100AC415261AF3DA50BA864E47E86A3CC97EC3011F92A11C
                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......1..:u..iu..iu..i..iw..iu..i...i..id..i!..i...i...it..iRichu..i........................PE..L......K.................^...........0.......p....@..........................P...............................................t...........?...........................................................................p...............................text...L\.......^.................. ..`.rdata.......p.......b..............@..@.data...X\...........v..............@....ndata... ...............................rsrc....?.......@...z..............@..@................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-G41TD.tmp\quTbWcnSay.tmp
                                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):63465
                                                                                                                                                                                  Entropy (8bit):6.933512065672094
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:
                                                                                                                                                                                  MD5:EEF52E934EAB9C6525F0161255235FEF
                                                                                                                                                                                  SHA1:67B6D6C3B2B5967C98F81F7C1BFC785B23BE8F19
                                                                                                                                                                                  SHA-256:7CC2A96601BEB84CAABF0BB2C62D743678A6C6934BCECD21862B5D64C2E00920
                                                                                                                                                                                  SHA-512:A4B1FEB035C4B518CD9D8D703D0B96D19B730427F7230D93FD20C7FBBCEFD4BEEC61955DE49EA73C100AC415261AF3DA50BA864E47E86A3CC97EC3011F92A11C
                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......1..:u..iu..iu..i..iw..iu..i...i..id..i!..i...i...it..iRichu..i........................PE..L......K.................^...........0.......p....@..........................P...............................................t...........?...........................................................................p...............................text...L\.......^.................. ..`.rdata.......p.......b..............@..@.data...X\...........v..............@....ndata... ...............................rsrc....?.......@...z..............@..@................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-G41TD.tmp\quTbWcnSay.tmp
                                                                                                                                                                                  File Type:ASCII text, with no line terminators
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):184
                                                                                                                                                                                  Entropy (8bit):5.519456370129206
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:
                                                                                                                                                                                  MD5:4B0B5586ACE3FA10002CCF11C5999E65
                                                                                                                                                                                  SHA1:937F74BCE6E61540EAD8AE86B1CABC7EBA433461
                                                                                                                                                                                  SHA-256:CA64A93AB1F6F9D2F5CC8E90F8EF911E5E5AC1124359F48743A1E0962F1C4B20
                                                                                                                                                                                  SHA-512:EB932DE2685A7B8894FDAF64E5198EFF889E0DF095F6ED7565B870AC798EB4FF7CC2F607DCFBA37566997FE0209D3C109053B99154F12A2E4060DBC933F53172
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                  Preview:http://guideveil.xyz/pe/build.php?pe=n&sub=2577&source=3876&s1=48352771&title=QWR2YW5jZWQgU3lzdGVtIFJlcGFpciBQcm8gMjAwMiAgUG9ydGFibGUgIE9wdGltaXphdGlvbiAgU0Nsb3VkV1MuZXhl&ti=1707230097
                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-G41TD.tmp\quTbWcnSay.tmp
                                                                                                                                                                                  File Type:ASCII text, with no line terminators
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):2
                                                                                                                                                                                  Entropy (8bit):1.0
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:
                                                                                                                                                                                  MD5:444BCB3A3FCF8389296C49467F27E1D6
                                                                                                                                                                                  SHA1:7A85F4764BBD6DAF1C3545EFBBF0F279A6DC0BEB
                                                                                                                                                                                  SHA-256:2689367B205C16CE32ED4200942B8B8B1E262DFC70D9BC9FBC77C49699A4F1DF
                                                                                                                                                                                  SHA-512:9FBBBB5A0F329F9782E2356FA41D89CF9B3694327C1A934D6AF2A9DF2D7F936CE83717FB513196A4CE5548471708CD7134C2AE99B3C357BCABB2EAFC7B9B7570
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                  Preview:ok
                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-G41TD.tmp\quTbWcnSay.tmp
                                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):63465
                                                                                                                                                                                  Entropy (8bit):6.933512065672094
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:
                                                                                                                                                                                  MD5:EEF52E934EAB9C6525F0161255235FEF
                                                                                                                                                                                  SHA1:67B6D6C3B2B5967C98F81F7C1BFC785B23BE8F19
                                                                                                                                                                                  SHA-256:7CC2A96601BEB84CAABF0BB2C62D743678A6C6934BCECD21862B5D64C2E00920
                                                                                                                                                                                  SHA-512:A4B1FEB035C4B518CD9D8D703D0B96D19B730427F7230D93FD20C7FBBCEFD4BEEC61955DE49EA73C100AC415261AF3DA50BA864E47E86A3CC97EC3011F92A11C
                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                  Process:C:\Users\user\Desktop\quTbWcnSay.exe
                                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):3199488
                                                                                                                                                                                  Entropy (8bit):6.325049229886336
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:
                                                                                                                                                                                  MD5:160981DD3A860558906CAA34B3508ECC
                                                                                                                                                                                  SHA1:1CDA94576C32C9E7A2B6E3819228C59414AA7E7B
                                                                                                                                                                                  SHA-256:5EF48C09A486AB6C23B6B2AF6AE0958D917179F176F572288A53A75AA9408D83
                                                                                                                                                                                  SHA-512:FA808FCE9AF5AD65BD39E89CC84453583B12116A022B6DA6669FD0233084CCC0E67EC384E879B449B0484B20EE4FF3764CE1D6506C4F7AC69A91E5758CE9C384
                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-9A6TD.tmp\setup.exe
                                                                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):23040
                                                                                                                                                                                  Entropy (8bit):5.540206398655926
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:
                                                                                                                                                                                  MD5:CAB75D596ADF6BAC4BA6A8374DD71DE9
                                                                                                                                                                                  SHA1:FB90D4F13331D0C9275FA815937A4FF22EAD6FA3
                                                                                                                                                                                  SHA-256:89E24E4124B607F3F98E4DF508C4DDD2701D8F7FCF1DC6E2ABA11D56C97C0C5A
                                                                                                                                                                                  SHA-512:510786599289C8793526969CFE0A96E049436D40809C1C351642B2C67D5FB2394CB20887010727A5DA35C52A20C5557AD940967053B1B59AD91CA1307208C391
                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-9A6TD.tmp\setup.exe
                                                                                                                                                                                  File Type:ASCII text, with no line terminators
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):2
                                                                                                                                                                                  Entropy (8bit):1.0
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:
                                                                                                                                                                                  MD5:444BCB3A3FCF8389296C49467F27E1D6
                                                                                                                                                                                  SHA1:7A85F4764BBD6DAF1C3545EFBBF0F279A6DC0BEB
                                                                                                                                                                                  SHA-256:2689367B205C16CE32ED4200942B8B8B1E262DFC70D9BC9FBC77C49699A4F1DF
                                                                                                                                                                                  SHA-512:9FBBBB5A0F329F9782E2356FA41D89CF9B3694327C1A934D6AF2A9DF2D7F936CE83717FB513196A4CE5548471708CD7134C2AE99B3C357BCABB2EAFC7B9B7570
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                  Preview:ok
                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-9A6TD.tmp\setup.exe
                                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):3355816
                                                                                                                                                                                  Entropy (8bit):7.7768157039053945
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:
                                                                                                                                                                                  MD5:CFCF91EF96623A139475B53B686229DC
                                                                                                                                                                                  SHA1:D38D63B2B59C8A0A035B5E6BE792045B9F643E6C
                                                                                                                                                                                  SHA-256:BFD52C7C2ECA1BB09D745582455A7D9DB13E85CCFE47B35E7BFD549DF70C8EA0
                                                                                                                                                                                  SHA-512:28354E842D3DFD7B32B6301122070FFD78ADFFE5EBB7F98FA2113FF971E98B7444454DD0EAC4A0AFFE814FBD53C7CE30B6B54CE5A3E2C5EF0A8995E3A92A0D8B
                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-9A6TD.tmp\setup.exe
                                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):11065129
                                                                                                                                                                                  Entropy (8bit):7.96991159694097
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:
                                                                                                                                                                                  MD5:C060CC25B2F5B27A73D320F1173D1BE9
                                                                                                                                                                                  SHA1:4667FCDACFC6DAD7176ABDED4A4888E54B00E920
                                                                                                                                                                                  SHA-256:129F005C2043E43438B0CB621BF7D6289B12B34E6D7C4D24B9AE15523D171042
                                                                                                                                                                                  SHA-512:28D261461D86909BF30D876125DEDEFE062A23E4265EB495E07A58724C0656BB1256A5313D947362E1D021DA94E76320328D4250344EB44C06E3F7FD94F9795D
                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-9A6TD.tmp\setup.exe
                                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):4724720
                                                                                                                                                                                  Entropy (8bit):7.0944141075328115
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:
                                                                                                                                                                                  MD5:FA24733F5A6A6F44D0E65D7D98B84AA6
                                                                                                                                                                                  SHA1:51A62BEAB55096E17F2E17F042F7BD7DEDABF1AE
                                                                                                                                                                                  SHA-256:DA1B144B5F908CB7E811489DFE660E06AA6DF9C9158C6972EC9C79C48AFACB7E
                                                                                                                                                                                  SHA-512:1953201D8CD448AA7D23C3E57665546ACE835F97C8CC8D0F323573CEF03A6F317F86C7C3841268ECE1760B911C67845D7E6AA198A44F720DCA02A5A8BCB8E21E
                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-9A6TD.tmp\setup.exe
                                                                                                                                                                                  File Type:ASCII text, with no line terminators
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):2
                                                                                                                                                                                  Entropy (8bit):1.0
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:
                                                                                                                                                                                  MD5:444BCB3A3FCF8389296C49467F27E1D6
                                                                                                                                                                                  SHA1:7A85F4764BBD6DAF1C3545EFBBF0F279A6DC0BEB
                                                                                                                                                                                  SHA-256:2689367B205C16CE32ED4200942B8B8B1E262DFC70D9BC9FBC77C49699A4F1DF
                                                                                                                                                                                  SHA-512:9FBBBB5A0F329F9782E2356FA41D89CF9B3694327C1A934D6AF2A9DF2D7F936CE83717FB513196A4CE5548471708CD7134C2AE99B3C357BCABB2EAFC7B9B7570
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                  Preview:ok
                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Programs\Opera GX\106.0.4998.74\installer.exe
                                                                                                                                                                                  File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive, ctime=Tue Feb 6 13:36:13 2024, mtime=Tue Feb 6 13:36:13 2024, atime=Mon Feb 5 15:20:19 2024, length=2294176, window=hide
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):1432
                                                                                                                                                                                  Entropy (8bit):4.906025769294294
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:
                                                                                                                                                                                  MD5:C4A5E7B5460224A70B5911F7F4689ECE
                                                                                                                                                                                  SHA1:D6D9A7DD43849A4D9AA59B339D6593E4012BAB92
                                                                                                                                                                                  SHA-256:D7D94428A29E9561071FA8F4893A209C28B366F457AA0616CCAD4B52A2F90A9B
                                                                                                                                                                                  SHA-512:3DF419212F11E82A94A66D270B84D20F06C9F806B9271C04F78400DBE136E1D8D4BD8096F9EA756E45BE1CB70C5704770AC008001D577396511D3B05612C7BBE
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Programs\Opera GX\106.0.4998.74\installer.exe
                                                                                                                                                                                  File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive, ctime=Tue Feb 6 13:36:13 2024, mtime=Tue Feb 6 13:36:13 2024, atime=Mon Feb 5 15:20:19 2024, length=2294176, window=hide
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):1432
                                                                                                                                                                                  Entropy (8bit):4.906025769294294
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:
                                                                                                                                                                                  MD5:C4A5E7B5460224A70B5911F7F4689ECE
                                                                                                                                                                                  SHA1:D6D9A7DD43849A4D9AA59B339D6593E4012BAB92
                                                                                                                                                                                  SHA-256:D7D94428A29E9561071FA8F4893A209C28B366F457AA0616CCAD4B52A2F90A9B
                                                                                                                                                                                  SHA-512:3DF419212F11E82A94A66D270B84D20F06C9F806B9271C04F78400DBE136E1D8D4BD8096F9EA756E45BE1CB70C5704770AC008001D577396511D3B05612C7BBE
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                  Preview:L..................F.... ........Y..ln...Y..D.[6OX....#.....................(.:..DG..Yr?.D..U..k0.&...&......vk.v....|H?..Y.......Y......t...CFSF..1.....CW.^..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......CW.^FXXt...........................%..A.p.p.D.a.t.a...B.P.1.....FXZt..Local.<......CW.^FXZt....b.......................%.L.o.c.a.l.....Z.1.....FXht..Programs..B......FXZtFXht..............................P.r.o.g.r.a.m.s.....Z.1.....FX.t..OPERAG~1..B......FXhtFX.t....O.......................,.O.p.e.r.a. .G.X.....f.2...#.EX.. .launcher.exe..J......FX.tFX.t....xA.....................,..l.a.u.n.c.h.e.r...e.x.e.......j...............-.......i...........'.j......C:\Users\user\AppData\Local\Programs\Opera GX\launcher.exe..*.....\.....\.....\.....\.P.r.o.g.r.a.m.s.\.O.p.e.r.a. .G.X.\.l.a.u.n.c.h.e.r...e.x.e...C.:.\.U.s.e.r.s.\.j.o.n.e.s.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.P.r.o.g.r.a.m.s.\.O.p.e.r.a. .G.X.............:...........|....I.J.H..K..:...`.......X.......134349...........hT..CrF
                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exe
                                                                                                                                                                                  File Type:data
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):40
                                                                                                                                                                                  Entropy (8bit):3.39546184423832
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:
                                                                                                                                                                                  MD5:04FE47813ED78D297B4B147090E782A8
                                                                                                                                                                                  SHA1:BBA2BA54E737F4BDFBEEF3D10D2D46A66E2EF79F
                                                                                                                                                                                  SHA-256:7982DA3C2D4B3184A246FFFB5E5495103ED3E8AE6CAB122B3572A0B03DD62D65
                                                                                                                                                                                  SHA-512:D559813E6CA9F0CD3D245AA2379FB608F69FBD59A241E0BDEFCD9FCD29A82A0177C95FF27BE6F65664425D72FD86C202EBAFB137121D277E9AD656BD1DE14A39
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                  Preview:sdPC......................D`~p.G...|j.+.
                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Programs\Opera GX\106.0.4998.74\installer.exe
                                                                                                                                                                                  File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive, ctime=Tue Feb 6 13:36:13 2024, mtime=Tue Feb 6 13:36:13 2024, atime=Mon Feb 5 15:20:19 2024, length=2294176, window=hide
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):1442
                                                                                                                                                                                  Entropy (8bit):4.899414970652247
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:
                                                                                                                                                                                  MD5:81FD1ABA39532A08CAD9A23975249FB1
                                                                                                                                                                                  SHA1:1587CBAAD25EF35D1FFD4C92D272AAC89135A00A
                                                                                                                                                                                  SHA-256:E27FADA40570800AEFD172592F3F9AD6B0E021CF6E180A74D53942E6E3566A64
                                                                                                                                                                                  SHA-512:C3C74AC90C7BE098AB8B60B04ED13EA87D4F0D6E77D20D832E23037FF3817128324EB600BCF7F8F7826C9F67B4D02C231E47ED32F41EF89D1959157310144F4C
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                  Preview:L..................F.... ........Y..ln...Y..D.[6OX....#.....................(.:..DG..Yr?.D..U..k0.&...&......vk.v....|H?..Y.......Y......t...CFSF..1.....CW.^..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......CW.^FXXt...........................%..A.p.p.D.a.t.a...B.P.1.....FXZt..Local.<......CW.^FXZt....b.......................%.L.o.c.a.l.....Z.1.....FXht..Programs..B......FXZtFXht..............................P.r.o.g.r.a.m.s.....Z.1.....FX.t..OPERAG~1..B......FXhtFX.t....O.......................,.O.p.e.r.a. .G.X.....f.2...#.EX.. .launcher.exe..J......FX.tFX.t....xA.....................,..l.a.u.n.c.h.e.r...e.x.e.......j...............-.......i...........'.j......C:\Users\user\AppData\Local\Programs\Opera GX\launcher.exe../.....\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.P.r.o.g.r.a.m.s.\.O.p.e.r.a. .G.X.\.l.a.u.n.c.h.e.r...e.x.e...C.:.\.U.s.e.r.s.\.j.o.n.e.s.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.P.r.o.g.r.a.m.s.\.O.p.e.r.a. .G.X.............:...........|....I.J.H..K..:...`.......X.......134349........
                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-G41TD.tmp\quTbWcnSay.tmp
                                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):3223613
                                                                                                                                                                                  Entropy (8bit):6.3121717094487435
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:
                                                                                                                                                                                  MD5:BBF1722288F254DE8D16B7AAE9EF7965
                                                                                                                                                                                  SHA1:A1B701659AC6B39A4BF882786CC11A64D9133B43
                                                                                                                                                                                  SHA-256:D42593A83B9796C8DB28DF9490A9EB99EA8F21A3AD6B4E84EC7D7906549956E2
                                                                                                                                                                                  SHA-512:987CB85F47CF028C997809D25504562F50AF896BD17EA5B025E6B48238574BFFFEF8D8A1EC5A0B4E3A65FD4EBE60542EFCE3954C89F60461E179C8CE0702AB14
                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-G41TD.tmp\quTbWcnSay.tmp
                                                                                                                                                                                  File Type:InnoSetup Log Advanced System Repair Pro 2002 Portable Optimization SCloudWS.exe, version 0x418, 6295 bytes, 134349\37\user\376, \350\002\002\006\017#
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):6295
                                                                                                                                                                                  Entropy (8bit):4.235976526963533
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:
                                                                                                                                                                                  MD5:A1B2807492E0B0992510C734DE879D2B
                                                                                                                                                                                  SHA1:83CFDF1641C5C1030C8842019D7318B25376670B
                                                                                                                                                                                  SHA-256:FBD5B993B5E58DC01899608C22D8429C9C6C65D94DC4A44853C5FB42EE7D2213
                                                                                                                                                                                  SHA-512:68668EC406A7B3D35A18A7C97381F26F97D5F6CE7F9D59451E1D6666874473BAA300B4F300A3A4FE77008387A64E8621169C2AD8FC166DBF35574A1590B37B5D
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                  Preview:Inno Setup Uninstall Log (b)....................................Advanced System Repair Pro 2002 Portable Optimization SCloudWS.exe...........................................................Advanced System Repair Pro 2002 Portable Optimization SCloudWS.exe..........................................................................................................................................................................................R........<........;........1.3.4.3.4.9......j.o.n.e.s.....................#...>.. .....^........IFPS....'........................................................................................................ANYMETHOD.....................................................................BOOLEAN..............TWIZARDFORM....TWIZARDFORM.........TMAINFORM....TMAINFORM.........TUNINSTALLPROGRESSFORM....TUNINSTALLPROGRESSFORM.........TDOWNLOADWIZARDPAGE....TDOWNLOADWIZARDPAGE.........TNEWRADIOBUTTON....TNEWRADIOBUTTON..................TONDOWNLOADPROGRES
                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Temp\is-G41TD.tmp\quTbWcnSay.tmp
                                                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):3223613
                                                                                                                                                                                  Entropy (8bit):6.3121717094487435
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:
                                                                                                                                                                                  MD5:BBF1722288F254DE8D16B7AAE9EF7965
                                                                                                                                                                                  SHA1:A1B701659AC6B39A4BF882786CC11A64D9133B43
                                                                                                                                                                                  SHA-256:D42593A83B9796C8DB28DF9490A9EB99EA8F21A3AD6B4E84EC7D7906549956E2
                                                                                                                                                                                  SHA-512:987CB85F47CF028C997809D25504562F50AF896BD17EA5B025E6B48238574BFFFEF8D8A1EC5A0B4E3A65FD4EBE60542EFCE3954C89F60461E179C8CE0702AB14
                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                  Process:C:\Users\user\AppData\Local\Programs\Opera GX\106.0.4998.74\installer.exe
                                                                                                                                                                                  File Type:data
                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                  Size (bytes):4552
                                                                                                                                                                                  Entropy (8bit):3.9132475548573042
                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                  SSDEEP:
                                                                                                                                                                                  MD5:83315AEA5E22DD8EF109BA5AE78D9B1E
                                                                                                                                                                                  SHA1:2D87AD11A43C47C45CFB1C5DA6714CE28D6D23C4
                                                                                                                                                                                  SHA-256:C6D97377DA2BAFDF1923E2390B49819D5E6CC16853229D3DA8FC912BC8A1FD93
                                                                                                                                                                                  SHA-512:39EC12E46E5678EEBD0C00D24654870C1DC0E3ED6DA7880437CDEA39FB0810C8C07EF95D973E3CA1152C1165138531AFD483F88E44A1A1B52D3459C338CBD757
                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                  Reputation:unknown
                                                                                                                                                                                  Preview:........:Installer message:..... .......:Installer message:......... .......:Installer message:.....%...8.......:Installer message:.........verify_package_contents.H.......:Installer message:.........verify_package_contents.................P.......:Installer message:...../...copy_file:resources/custom_partner_content.json.`.......:Installer message:...../...copy_file:resources/custom_partner_content.json.................0.......:Installer message:.........delete_file_step@.......:Installer message:.........delete_file_step................0.......:Installer message:.........delete_file_step@.......:Installer message:.........delete_file_step................,.......:Installer message:.........move_file...<.......:Installer message:.........move_file...................,.......:Installer message:.........move_file...<.......:Installer message:.........move_file...................,.......:Installer message:.........move_file...<.......:Installer message:.........move_file...................
                                                                                                                                                                                  File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                  Entropy (8bit):7.414781423991489
                                                                                                                                                                                  TrID:
                                                                                                                                                                                  • Win32 Executable (generic) a (10002005/4) 98.04%
                                                                                                                                                                                  • Inno Setup installer (109748/4) 1.08%
                                                                                                                                                                                  • InstallShield setup (43055/19) 0.42%
                                                                                                                                                                                  • Win32 EXE PECompact compressed (generic) (41571/9) 0.41%
                                                                                                                                                                                  • Win16/32 Executable Delphi generic (2074/23) 0.02%
                                                                                                                                                                                  File name:quTbWcnSay.exe
                                                                                                                                                                                  File size:1'672'111 bytes
                                                                                                                                                                                  MD5:52c24e7a6a10f1418ead6e5541a2b443
                                                                                                                                                                                  SHA1:105b34e6ccd98cad51e88cb0b06e695caaff45bd
                                                                                                                                                                                  SHA256:7332fbc6fd5023cc26cd2e7414e8c40312783cc39b40815b91b7618b1d4c49b2
                                                                                                                                                                                  SHA512:cb886e7cb453202904e4b4743c9441983a9ab51878ded8059a614b67c7ec34f77cc92e959796a0ff2527a62932a3ba1f2999a01f4319bc1723b9125f7d6fab9f
                                                                                                                                                                                  SSDEEP:24576:s7FUDowAyrTVE3U5F/ezKKic6QL3E2vVsjECUAQT45deRV9RD:sBuZrEU5KIy029s4C1eH9J
                                                                                                                                                                                  TLSH:F675BF3FF268A13EC56A1B3245738320997BBA51B81A8C1E47FC384DCF765601E3B656
                                                                                                                                                                                  Icon Hash:0c0c2d33ceec80aa
                                                                                                                                                                                  Entrypoint:0x4b5eec
                                                                                                                                                                                  Entrypoint Section:.itext
                                                                                                                                                                                  Digitally signed:false
                                                                                                                                                                                  Imagebase:0x400000
                                                                                                                                                                                  Subsystem:windows gui
                                                                                                                                                                                  Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
                                                                                                                                                                                  DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                                                                                                                                                                                  Time Stamp:0x63ECF218 [Wed Feb 15 14:54:16 2023 UTC]
                                                                                                                                                                                  TLS Callbacks:
                                                                                                                                                                                  CLR (.Net) Version:
                                                                                                                                                                                  OS Version Major:6
                                                                                                                                                                                  OS Version Minor:1
                                                                                                                                                                                  File Version Major:6
                                                                                                                                                                                  File Version Minor:1
                                                                                                                                                                                  Subsystem Version Major:6
                                                                                                                                                                                  Subsystem Version Minor:1
                                                                                                                                                                                  Import Hash:e569e6f445d32ba23766ad67d1e3787f
                                                                                                                                                                                  Instruction
                                                                                                                                                                                  push ebp
                                                                                                                                                                                  mov ebp, esp
                                                                                                                                                                                  add esp, FFFFFFA4h
                                                                                                                                                                                  push ebx
                                                                                                                                                                                  push esi
                                                                                                                                                                                  push edi
                                                                                                                                                                                  xor eax, eax
                                                                                                                                                                                  mov dword ptr [ebp-3Ch], eax
                                                                                                                                                                                  mov dword ptr [ebp-40h], eax
                                                                                                                                                                                  mov dword ptr [ebp-5Ch], eax
                                                                                                                                                                                  mov dword ptr [ebp-30h], eax
                                                                                                                                                                                  mov dword ptr [ebp-38h], eax
                                                                                                                                                                                  mov dword ptr [ebp-34h], eax
                                                                                                                                                                                  mov dword ptr [ebp-2Ch], eax
                                                                                                                                                                                  mov dword ptr [ebp-28h], eax
                                                                                                                                                                                  mov dword ptr [ebp-14h], eax
                                                                                                                                                                                  mov eax, 004B14B8h
                                                                                                                                                                                  call 00007F026D3E3735h
                                                                                                                                                                                  xor eax, eax
                                                                                                                                                                                  push ebp
                                                                                                                                                                                  push 004B65E2h
                                                                                                                                                                                  push dword ptr fs:[eax]
                                                                                                                                                                                  mov dword ptr fs:[eax], esp
                                                                                                                                                                                  xor edx, edx
                                                                                                                                                                                  push ebp
                                                                                                                                                                                  push 004B659Eh
                                                                                                                                                                                  push dword ptr fs:[edx]
                                                                                                                                                                                  mov dword ptr fs:[edx], esp
                                                                                                                                                                                  mov eax, dword ptr [004BE634h]
                                                                                                                                                                                  call 00007F026D486227h
                                                                                                                                                                                  call 00007F026D485D7Ah
                                                                                                                                                                                  lea edx, dword ptr [ebp-14h]
                                                                                                                                                                                  xor eax, eax
                                                                                                                                                                                  call 00007F026D3F91D4h
                                                                                                                                                                                  mov edx, dword ptr [ebp-14h]
                                                                                                                                                                                  mov eax, 004C1D84h
                                                                                                                                                                                  call 00007F026D3DE327h
                                                                                                                                                                                  push 00000002h
                                                                                                                                                                                  push 00000000h
                                                                                                                                                                                  push 00000001h
                                                                                                                                                                                  mov ecx, dword ptr [004C1D84h]
                                                                                                                                                                                  mov dl, 01h
                                                                                                                                                                                  mov eax, dword ptr [004238ECh]
                                                                                                                                                                                  call 00007F026D3FA357h
                                                                                                                                                                                  mov dword ptr [004C1D88h], eax
                                                                                                                                                                                  xor edx, edx
                                                                                                                                                                                  push ebp
                                                                                                                                                                                  push 004B654Ah
                                                                                                                                                                                  push dword ptr fs:[edx]
                                                                                                                                                                                  mov dword ptr fs:[edx], esp
                                                                                                                                                                                  call 00007F026D4862AFh
                                                                                                                                                                                  mov dword ptr [004C1D90h], eax
                                                                                                                                                                                  mov eax, dword ptr [004C1D90h]
                                                                                                                                                                                  cmp dword ptr [eax+0Ch], 01h
                                                                                                                                                                                  jne 00007F026D48C4CAh
                                                                                                                                                                                  mov eax, dword ptr [004C1D90h]
                                                                                                                                                                                  mov edx, 00000028h
                                                                                                                                                                                  call 00007F026D3FAC4Ch
                                                                                                                                                                                  mov edx, dword ptr [004C1D90h]
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0xc4000 | 0x9a | .edata
IMAGE_DIRECTORY_ENTRY_IMPORT | 0xc2000 | 0xfdc | .idata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xc7000 | 0x11000 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0xc6000 | 0x18 | .rdata
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0xc22f4 | 0x254 | .idata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0xc3000 | 0x1a4 | .didata
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0xb39e4 | 0xb3a00 | 43af0a9476ca224d8e8461f1e22c94da | False | 0.34525867693110646 | data | 6.357635049994181 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.itext | 0xb5000 | 0x1688 | 0x1800 | 185e04b9a1f554e31f7f848515dc890c | False | 0.54443359375 | data | 5.971425428435973 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.data | 0xb7000 | 0x37a4 | 0x3800 | cab2107c933b696aa5cf0cc6c3fd3980 | False | 0.36097935267857145 | data | 5.048648594372454 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.bss | 0xbb000 | 0x6de8 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.idata | 0xc2000 | 0xfdc | 0x1000 | e7d1635e2624b124cfdce6c360ac21cd | False | 0.3798828125 | data | 5.029087481102678 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.didata | 0xc3000 | 0x1a4 | 0x200 | 8ced971d8a7705c98b173e255d8c9aa7 | False | 0.345703125 | data | 2.7509822285969876 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.edata | 0xc4000 | 0x9a | 0x200 | 8d4e1e508031afe235bf121c80fd7d5f | False | 0.2578125 | data | 1.877162954504408 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.tls | 0xc5000 | 0x18 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rdata | 0xc6000 | 0x5d | 0x200 | 8f2f090acd9622c88a6a852e72f94e96 | False | 0.189453125 | data | 1.3838943752217987 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.rsrc | 0xc7000 | 0x11000 | 0x11000 | c709e0373ace7a0e07615c2064c0b74e | False | 0.18635110294117646 | data | 3.6962514995633304 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0xc7678 | 0xa68 | Device independent bitmap graphic, 64 x 128 x 4, image size 2048 | English | United States | 0.1174924924924925
RT_ICON | 0xc80e0 | 0x668 | Device independent bitmap graphic, 48 x 96 x 4, image size 1152 | English | United States | 0.15792682926829268
RT_ICON | 0xc8748 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 512 | English | United States | 0.23387096774193547
RT_ICON | 0xc8a30 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 128 | English | United States | 0.39864864864864863
RT_ICON | 0xc8b58 | 0x1628 | Device independent bitmap graphic, 64 x 128 x 8, image size 4096, 256 important colors | English | United States | 0.08339210155148095
RT_ICON | 0xca180 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 2304, 256 important colors | English | United States | 0.1023454157782516
RT_ICON | 0xcb028 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors | English | United States | 0.10649819494584838
RT_ICON | 0xcb8d0 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colors | English | United States | 0.10838150289017341
RT_ICON | 0xcbe38 | 0x12e5 | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | English | United States | 0.8712011577424024
RT_ICON | 0xcd120 | 0x4228 | Device independent bitmap graphic, 64 x 128 x 32, image size 16896 | English | United States | 0.05668398677373642
RT_ICON | 0xd1348 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9600 | English | United States | 0.08475103734439834
RT_ICON | 0xd38f0 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4224 | English | United States | 0.09920262664165103
RT_ICON | 0xd4998 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | English | United States | 0.2047872340425532
RT_STRING | 0xd4e00 | 0x360 | data |  |  | 0.34375
RT_STRING | 0xd5160 | 0x260 | data |  |  | 0.3256578947368421
RT_STRING | 0xd53c0 | 0x45c | data |  |  | 0.4068100358422939
RT_STRING | 0xd581c | 0x40c | data |  |  | 0.3754826254826255
RT_STRING | 0xd5c28 | 0x2d4 | data |  |  | 0.39226519337016574
RT_STRING | 0xd5efc | 0xb8 | data |  |  | 0.6467391304347826
RT_STRING | 0xd5fb4 | 0x9c | data |  |  | 0.6410256410256411
RT_STRING | 0xd6050 | 0x374 | data |  |  | 0.4230769230769231
RT_STRING | 0xd63c4 | 0x398 | data |  |  | 0.3358695652173913
RT_STRING | 0xd675c | 0x368 | data |  |  | 0.3795871559633027
RT_STRING | 0xd6ac4 | 0x2a4 | data |  |  | 0.4275147928994083
RT_RCDATA | 0xd6d68 | 0x10 | data |  |  | 1.5
RT_RCDATA | 0xd6d78 | 0x2c4 | data |  |  | 0.6384180790960452
RT_RCDATA | 0xd703c | 0x2c | data |  |  | 1.1590909090909092
RT_GROUP_ICON | 0xd7068 | 0xbc | data | English | United States | 0.6170212765957447
RT_VERSION | 0xd7124 | 0x584 | data | English | United States | 0.2811614730878187
RT_MANIFEST | 0xd76a8 | 0x7a8 | XML 1.0 document, ASCII text, with CRLF line terminators | English | United States | 0.3377551020408163
DLL | Import
kernel32.dll | GetACP, GetExitCodeProcess, LocalFree, CloseHandle, SizeofResource, VirtualProtect, VirtualFree, GetFullPathNameW, ExitProcess, HeapAlloc, GetCPInfoExW, RtlUnwind, GetCPInfo, GetStdHandle, GetModuleHandleW, FreeLibrary, HeapDestroy, ReadFile, CreateProcessW, GetLastError, GetModuleFileNameW, SetLastError, FindResourceW, CreateThread, CompareStringW, LoadLibraryA, ResetEvent, GetVersion, RaiseException, FormatMessageW, SwitchToThread, GetExitCodeThread, GetCurrentThread, LoadLibraryExW, LockResource, GetCurrentThreadId, UnhandledExceptionFilter, VirtualQuery, VirtualQueryEx, Sleep, EnterCriticalSection, SetFilePointer, LoadResource, SuspendThread, GetTickCount, GetFileSize, GetStartupInfoW, GetFileAttributesW, InitializeCriticalSection, GetSystemWindowsDirectoryW, GetThreadPriority, SetThreadPriority, GetCurrentProcess, VirtualAlloc, GetSystemInfo, GetCommandLineW, LeaveCriticalSection, GetProcAddress, ResumeThread, GetVersionExW, VerifyVersionInfoW, HeapCreate, GetWindowsDirectoryW, VerSetConditionMask, GetDiskFreeSpaceW, FindFirstFileW, GetUserDefaultUILanguage, lstrlenW, QueryPerformanceCounter, SetEndOfFile, HeapFree, WideCharToMultiByte, FindClose, MultiByteToWideChar, LoadLibraryW, SetEvent, CreateFileW, GetLocaleInfoW, GetSystemDirectoryW, DeleteFileW, GetLocalTime, GetEnvironmentVariableW, WaitForSingleObject, WriteFile, ExitThread, DeleteCriticalSection, TlsGetValue, GetDateFormatW, SetErrorMode, IsValidLocale, TlsSetValue, CreateDirectoryW, GetSystemDefaultUILanguage, EnumCalendarInfoW, LocalAlloc, GetUserDefaultLangID, RemoveDirectoryW, CreateEventW, SetThreadLocale, GetThreadLocale
comctl32.dll | InitCommonControls
version.dll | GetFileVersionInfoSizeW, VerQueryValueW, GetFileVersionInfoW
user32.dll | CreateWindowExW, TranslateMessage, CharLowerBuffW, CallWindowProcW, CharUpperW, PeekMessageW, GetSystemMetrics, SetWindowLongW, MessageBoxW, DestroyWindow, CharUpperBuffW, CharNextW, MsgWaitForMultipleObjects, LoadStringW, ExitWindowsEx, DispatchMessageW
oleaut32.dll | SysAllocStringLen, SafeArrayPtrOfIndex, VariantCopy, SafeArrayGetLBound, SafeArrayGetUBound, VariantInit, VariantClear, SysFreeString, SysReAllocStringLen, VariantChangeType, SafeArrayCreate
netapi32.dll | NetWkstaGetInfo, NetApiBufferFree
advapi32.dll | ConvertStringSecurityDescriptorToSecurityDescriptorW, RegQueryValueExW, AdjustTokenPrivileges, GetTokenInformation, ConvertSidToStringSidW, LookupPrivilegeValueW, RegCloseKey, OpenProcessToken, RegOpenKeyExW
Name | Ordinal | Address
TMethodImplementationIntercept | 3 | 0x4541a8
__dbk_fcall_wrapper | 2 | 0x40d0a0
dbkFCallWrapperAddr | 1 | 0x4be63c
Language of compilation system | Country where language is spoken
English | United States
                                                                                                                                                                                  Skipped network analysis since the amount of network traffic is too extensive. Please download the PCAP and check manually.

                                                                                                                                                                                  Target ID:0
                                                                                                                                                                                  Start time:15:34:51
                                                                                                                                                                                  Start date:06/02/2024
                                                                                                                                                                                  Path:C:\Users\user\Desktop\quTbWcnSay.exe
                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                  Commandline:C:\Users\user\Desktop\quTbWcnSay.exe
                                                                                                                                                                                  Imagebase:0x400000
                                                                                                                                                                                  File size:1'672'111 bytes
                                                                                                                                                                                  MD5 hash:52C24E7A6A10F1418EAD6E5541A2B443
                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                  Programmed in:Borland Delphi
                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                  Has exited:false

                                                                                                                                                                                  Target ID:1
                                                                                                                                                                                  Start time:15:34:51
                                                                                                                                                                                  Start date:06/02/2024
                                                                                                                                                                                  Path:C:\Users\user\AppData\Local\Temp\is-G41TD.tmp\quTbWcnSay.tmp
                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                  Commandline:"C:\Users\user\AppData\Local\Temp\is-G41TD.tmp\quTbWcnSay.tmp" /SL5="$20458,832512,832512,C:\Users\user\Desktop\quTbWcnSay.exe"
                                                                                                                                                                                  Imagebase:0x400000
                                                                                                                                                                                  File size:3'199'488 bytes
                                                                                                                                                                                  MD5 hash:160981DD3A860558906CAA34B3508ECC
                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                  Programmed in:Borland Delphi
                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                  Has exited:false

                                                                                                                                                                                  Target ID:2
                                                                                                                                                                                  Start time:15:35:00
                                                                                                                                                                                  Start date:06/02/2024
                                                                                                                                                                                  Path:C:\Users\user\AppData\Local\Temp\is-9A6TD.tmp\setup.exe
                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                  Commandline:C:\Users\user\AppData\Local\Temp\is-9A6TD.tmp\setup.exe
                                                                                                                                                                                  Imagebase:0x400000
                                                                                                                                                                                  File size:63'465 bytes
                                                                                                                                                                                  MD5 hash:EEF52E934EAB9C6525F0161255235FEF
                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                  Has exited:false

                                                                                                                                                                                  Target ID:4
                                                                                                                                                                                  Start time:15:35:13
                                                                                                                                                                                  Start date:06/02/2024
                                                                                                                                                                                  Path:C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exe
                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                  Commandline:"C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exe" --silent --allusers=0
                                                                                                                                                                                  Imagebase:0x650000
                                                                                                                                                                                  File size:3'355'816 bytes
                                                                                                                                                                                  MD5 hash:CFCF91EF96623A139475B53B686229DC
                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                  Target ID:5
                                                                                                                                                                                  Start time:15:35:13
                                                                                                                                                                                  Start date:06/02/2024
                                                                                                                                                                                  Path:C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exe
                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                  Commandline:C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=106.0.4998.74 --initial-client-data=0x398,0x39c,0x3a0,0x374,0x3a4,0x6c5ae5e8,0x6c5ae5f4,0x6c5ae600
                                                                                                                                                                                  Imagebase:0x650000
                                                                                                                                                                                  File size:3'355'816 bytes
                                                                                                                                                                                  MD5 hash:CFCF91EF96623A139475B53B686229DC
                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                  Target ID:6
                                                                                                                                                                                  Start time:15:35:13
                                                                                                                                                                                  Start date:06/02/2024
                                                                                                                                                                                  Path:C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\set_0.exe
                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                  Commandline:"C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\set_0.exe" --version
                                                                                                                                                                                  Imagebase:0x550000
                                                                                                                                                                                  File size:3'355'816 bytes
                                                                                                                                                                                  MD5 hash:CFCF91EF96623A139475B53B686229DC
                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                  Target ID:7
                                                                                                                                                                                  Start time:15:35:14
                                                                                                                                                                                  Start date:06/02/2024
                                                                                                                                                                                  Path:C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exe
                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                  Commandline:"C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exe" --backend --install --import-browser-data=0 --enable-stats=1 --enable-installer-stats=1 --consent-given=0 --general-interests=0 --general-location=0 --personalized-content=0 --personalized-ads=0 --launchopera=1 --installfolder="C:\Users\user\AppData\Local\Programs\Opera GX" --profile-folder --language=en-GB --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=1 --pintotaskbar=1 --pintostartmenu=1 --run-at-startup=1 --server-tracking-data=server_tracking_data --initial-pid=7664 --package-dir-prefix="C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_20240206153514" --session-guid=75a53667-4b95-44a9-92ea-4bfb86fd3244 --server-tracking-blob=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 --silent --desktopshortcut=1 --wait-for-package --initial-proc-handle=0806000000000000
                                                                                                                                                                                  Imagebase:0x650000
                                                                                                                                                                                  File size:3'355'816 bytes
                                                                                                                                                                                  MD5 hash:CFCF91EF96623A139475B53B686229DC
                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                  Target ID:8
                                                                                                                                                                                  Start time:15:35:14
                                                                                                                                                                                  Start date:06/02/2024
                                                                                                                                                                                  Path:C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exe
                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                  Commandline:C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_0.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=106.0.4998.74 --initial-client-data=0x388,0x38c,0x390,0x364,0x394,0x6ba1e5e8,0x6ba1e5f4,0x6ba1e600
                                                                                                                                                                                  Imagebase:0x650000
                                                                                                                                                                                  File size:3'355'816 bytes
                                                                                                                                                                                  MD5 hash:CFCF91EF96623A139475B53B686229DC
                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                  Target ID:11
                                                                                                                                                                                  Start time:15:35:36
Start date:06/02/2024
Path:C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202402061535141\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe
Wow64 process (32bit):true
Commandline:C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202402061535141\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe
Imagebase:0x400000
File size:1'499'104 bytes
MD5 hash:E9A2209B61F4BE34F25069A6E54AFFEA
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:moderate
Has exited:true

Target ID:12
Start time:15:35:37
Start date:06/02/2024
Path:C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202402061535141\assistant\assistant_installer.exe
Wow64 process (32bit):true
Commandline:"C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202402061535141\assistant\assistant_installer.exe" --version
Imagebase:0xd60000
File size:1'853'592 bytes
MD5 hash:4C8FBED0044DA34AD25F781C3D117A66
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Antivirus matches:
• Detection: 0%, ReversingLabs
Reputation:moderate
Has exited:true

Target ID:13
Start time:15:35:37
Start date:06/02/2024
Path:C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202402061535141\assistant\assistant_installer.exe
Wow64 process (32bit):true
Commandline:"C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202402061535141\assistant\assistant_installer.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=73.0.3856.382 --initial-client-data=0x334,0x338,0x33c,0x310,0x340,0xf14f48,0xf14f58,0xf14f64
Imagebase:0xd60000
File size:1'853'592 bytes
MD5 hash:4C8FBED0044DA34AD25F781C3D117A66
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:moderate
Has exited:true

Target ID:14
Start time:15:36:12
Start date:06/02/2024
Path:C:\Users\user\AppData\Local\Programs\Opera GX\106.0.4998.74\installer.exe
Wow64 process (32bit):false
Commandline:"C:\Users\user\AppData\Local\Programs\Opera GX\106.0.4998.74\installer.exe" --backend --initial-pid=7664 --install --import-browser-data=0 --enable-stats=1 --enable-installer-stats=1 --consent-given=0 --general-interests=0 --general-location=0 --personalized-content=0 --personalized-ads=0 --launchopera=1 --installfolder="C:\Users\user\AppData\Local\Programs\Opera GX" --profile-folder --language=en-GB --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=1 --pintotaskbar=1 --pintostartmenu=1 --run-at-startup=1 --server-tracking-data=server_tracking_data --package-dir="C:\Users\user\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202402061535141" --session-guid=75a53667-4b95-44a9-92ea-4bfb86fd3244 --server-tracking-blob=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 --silent --desktopshortcut=1 --install-subfolder=106.0.4998.74
Imagebase:0x7ff6faf30000
File size:6'896'544 bytes
MD5 hash:38CA4FA9A427D35D0F3229E784ABACD8
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:low
Has exited:true

Target ID:15
Start time:15:36:12
Start date:06/02/2024
Path:C:\Users\user\AppData\Local\Programs\Opera GX\106.0.4998.74\installer.exe
Wow64 process (32bit):false
Commandline:"C:\Users\user\AppData\Local\Programs\Opera GX\106.0.4998.74\installer.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\user\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win64 --annotation=prod=OperaDesktopGX --annotation=ver=106.0.4998.74 --initial-client-data=0x2c8,0x2cc,0x2d0,0x2a4,0x2d4,0x7ffdfb94a5b0,0x7ffdfb94a5bc,0x7ffdfb94a5c8
Imagebase:0x7ff6faf30000
File size:6'896'544 bytes
MD5 hash:38CA4FA9A427D35D0F3229E784ABACD8
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:low
Has exited:true

Target ID:18
Start time:15:36:15
Start date:06/02/2024
Path:C:\Windows\explorer.exe
Wow64 process (32bit):false
Commandline:C:\Windows\Explorer.EXE
Imagebase:0x7ff72b770000
File size:5'141'208 bytes
MD5 hash:662F4F92FDE3557E86D110526BB578D5
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Reputation:high
Has exited:false

Target ID:19
Start time:15:36:17
Start date:06/02/2024
Path:C:\Program Files (x86)\UxybGYXaoQEUBfehUKyZMhhAIotVFAaIZmPWNYOBmpJQgyK\jyKJvjQuuEeSXFxWJ.exe
Wow64 process (32bit):true
Commandline:"C:\Program Files (x86)\UxybGYXaoQEUBfehUKyZMhhAIotVFAaIZmPWNYOBmpJQgyK\jyKJvjQuuEeSXFxWJ.exe"
Imagebase:0x1c0000
File size:140'800 bytes
MD5 hash:32B8AD6ECA9094891E792631BAEA9717
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Reputation:high
Has exited:false

Target ID:20
Start time:15:36:17
Start date:06/02/2024
Path:C:\Program Files (x86)\UxybGYXaoQEUBfehUKyZMhhAIotVFAaIZmPWNYOBmpJQgyK\jyKJvjQuuEeSXFxWJ.exe
Wow64 process (32bit):true
Commandline:"C:\Program Files (x86)\UxybGYXaoQEUBfehUKyZMhhAIotVFAaIZmPWNYOBmpJQgyK\jyKJvjQuuEeSXFxWJ.exe"
Imagebase:0x1c0000
File size:140'800 bytes
MD5 hash:32B8AD6ECA9094891E792631BAEA9717
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Reputation:high
Has exited:false

Target ID:21
Start time:15:36:17
Start date:06/02/2024
Path:C:\Program Files (x86)\UxybGYXaoQEUBfehUKyZMhhAIotVFAaIZmPWNYOBmpJQgyK\jyKJvjQuuEeSXFxWJ.exe
Wow64 process (32bit):true
Commandline:"C:\Program Files (x86)\UxybGYXaoQEUBfehUKyZMhhAIotVFAaIZmPWNYOBmpJQgyK\jyKJvjQuuEeSXFxWJ.exe"
Imagebase:0x1c0000
File size:140'800 bytes
MD5 hash:32B8AD6ECA9094891E792631BAEA9717
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Reputation:high
Has exited:false

Target ID:22
Start time:15:36:17
Start date:06/02/2024
Path:C:\Program Files (x86)\UxybGYXaoQEUBfehUKyZMhhAIotVFAaIZmPWNYOBmpJQgyK\jyKJvjQuuEeSXFxWJ.exe
Wow64 process (32bit):true
Commandline:"C:\Program Files (x86)\UxybGYXaoQEUBfehUKyZMhhAIotVFAaIZmPWNYOBmpJQgyK\jyKJvjQuuEeSXFxWJ.exe"
Imagebase:0x1c0000
File size:140'800 bytes
MD5 hash:32B8AD6ECA9094891E792631BAEA9717
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Reputation:high
Has exited:false

Target ID:23
Start time:15:36:18
Start date:06/02/2024
Path:C:\Program Files (x86)\UxybGYXaoQEUBfehUKyZMhhAIotVFAaIZmPWNYOBmpJQgyK\jyKJvjQuuEeSXFxWJ.exe
Wow64 process (32bit):true
Commandline:"C:\Program Files (x86)\UxybGYXaoQEUBfehUKyZMhhAIotVFAaIZmPWNYOBmpJQgyK\jyKJvjQuuEeSXFxWJ.exe"
Imagebase:0x1c0000
File size:140'800 bytes
MD5 hash:32B8AD6ECA9094891E792631BAEA9717
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Reputation:high
Has exited:false

                                                                                                                                                                                  Target ID:25
                                                                                                                                                                                  Start time:15:36:18
                                                                                                                                                                                  Start date:06/02/2024
                                                                                                                                                                                  Path:C:\Program Files (x86)\UxybGYXaoQEUBfehUKyZMhhAIotVFAaIZmPWNYOBmpJQgyK\jyKJvjQuuEeSXFxWJ.exe
                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                  Commandline:"C:\Program Files (x86)\UxybGYXaoQEUBfehUKyZMhhAIotVFAaIZmPWNYOBmpJQgyK\jyKJvjQuuEeSXFxWJ.exe"
                                                                                                                                                                                  Imagebase:0x1c0000
                                                                                                                                                                                  File size:140'800 bytes
                                                                                                                                                                                  MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                                                                                                                                  Has elevated privileges:false
                                                                                                                                                                                  Has administrator privileges:false
                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                  Reputation:high
                                                                                                                                                                                  Has exited:false

                                                                                                                                                                                  Target ID:26
                                                                                                                                                                                  Start time:15:36:18
                                                                                                                                                                                  Start date:06/02/2024
                                                                                                                                                                                  Path:C:\Program Files (x86)\UxybGYXaoQEUBfehUKyZMhhAIotVFAaIZmPWNYOBmpJQgyK\jyKJvjQuuEeSXFxWJ.exe
                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                  Commandline:"C:\Program Files (x86)\UxybGYXaoQEUBfehUKyZMhhAIotVFAaIZmPWNYOBmpJQgyK\jyKJvjQuuEeSXFxWJ.exe"
                                                                                                                                                                                  Imagebase:0x1c0000
                                                                                                                                                                                  File size:140'800 bytes
                                                                                                                                                                                  MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                                                                                                                                  Has elevated privileges:false
                                                                                                                                                                                  Has administrator privileges:false
                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                  Has exited:false

                                                                                                                                                                                  Target ID:27
                                                                                                                                                                                  Start time:15:36:19
                                                                                                                                                                                  Start date:06/02/2024
                                                                                                                                                                                  Path:C:\Program Files (x86)\UxybGYXaoQEUBfehUKyZMhhAIotVFAaIZmPWNYOBmpJQgyK\jyKJvjQuuEeSXFxWJ.exe
                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                  Commandline:"C:\Program Files (x86)\UxybGYXaoQEUBfehUKyZMhhAIotVFAaIZmPWNYOBmpJQgyK\jyKJvjQuuEeSXFxWJ.exe"
                                                                                                                                                                                  Imagebase:0x1c0000
                                                                                                                                                                                  File size:140'800 bytes
                                                                                                                                                                                  MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                                                                                                                                  Has elevated privileges:false
                                                                                                                                                                                  Has administrator privileges:false
                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                  Has exited:false

                                                                                                                                                                                  Target ID:28
                                                                                                                                                                                  Start time:15:36:19
                                                                                                                                                                                  Start date:06/02/2024
                                                                                                                                                                                  Path:C:\Program Files (x86)\UxybGYXaoQEUBfehUKyZMhhAIotVFAaIZmPWNYOBmpJQgyK\jyKJvjQuuEeSXFxWJ.exe
                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                  Commandline:"C:\Program Files (x86)\UxybGYXaoQEUBfehUKyZMhhAIotVFAaIZmPWNYOBmpJQgyK\jyKJvjQuuEeSXFxWJ.exe"
                                                                                                                                                                                  Imagebase:0x1c0000
                                                                                                                                                                                  File size:140'800 bytes
                                                                                                                                                                                  MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                                                                                                                                  Has elevated privileges:false
                                                                                                                                                                                  Has administrator privileges:false
                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                  Has exited:false

                                                                                                                                                                                  Target ID:29
                                                                                                                                                                                  Start time:15:36:20
                                                                                                                                                                                  Start date:06/02/2024
                                                                                                                                                                                  Path:C:\Program Files (x86)\UxybGYXaoQEUBfehUKyZMhhAIotVFAaIZmPWNYOBmpJQgyK\jyKJvjQuuEeSXFxWJ.exe
                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                  Commandline:"C:\Program Files (x86)\UxybGYXaoQEUBfehUKyZMhhAIotVFAaIZmPWNYOBmpJQgyK\jyKJvjQuuEeSXFxWJ.exe"
                                                                                                                                                                                  Imagebase:0x1c0000
                                                                                                                                                                                  File size:140'800 bytes
                                                                                                                                                                                  MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                                                                                                                                  Has elevated privileges:false
                                                                                                                                                                                  Has administrator privileges:false
                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                  Has exited:false

                                                                                                                                                                                  Target ID:30
                                                                                                                                                                                  Start time:15:36:21
                                                                                                                                                                                  Start date:06/02/2024
                                                                                                                                                                                  Path:C:\Program Files (x86)\UxybGYXaoQEUBfehUKyZMhhAIotVFAaIZmPWNYOBmpJQgyK\jyKJvjQuuEeSXFxWJ.exe
                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                  Commandline:"C:\Program Files (x86)\UxybGYXaoQEUBfehUKyZMhhAIotVFAaIZmPWNYOBmpJQgyK\jyKJvjQuuEeSXFxWJ.exe"
                                                                                                                                                                                  Imagebase:0x1c0000
                                                                                                                                                                                  File size:140'800 bytes
                                                                                                                                                                                  MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                                                                                                                                  Has elevated privileges:false
                                                                                                                                                                                  Has administrator privileges:false
                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                  Has exited:false

                                                                                                                                                                                  Target ID:31
                                                                                                                                                                                  Start time:15:36:21
                                                                                                                                                                                  Start date:06/02/2024
                                                                                                                                                                                  Path:C:\Program Files (x86)\UxybGYXaoQEUBfehUKyZMhhAIotVFAaIZmPWNYOBmpJQgyK\jyKJvjQuuEeSXFxWJ.exe
                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                  Commandline:"C:\Program Files (x86)\UxybGYXaoQEUBfehUKyZMhhAIotVFAaIZmPWNYOBmpJQgyK\jyKJvjQuuEeSXFxWJ.exe"
                                                                                                                                                                                  Imagebase:0x1c0000
                                                                                                                                                                                  File size:140'800 bytes
                                                                                                                                                                                  MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                                                                                                                                  Has elevated privileges:false
                                                                                                                                                                                  Has administrator privileges:false
                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                  Has exited:false

                                                                                                                                                                                  Target ID:32
                                                                                                                                                                                  Start time:15:36:21
                                                                                                                                                                                  Start date:06/02/2024
                                                                                                                                                                                  Path:C:\Program Files (x86)\UxybGYXaoQEUBfehUKyZMhhAIotVFAaIZmPWNYOBmpJQgyK\jyKJvjQuuEeSXFxWJ.exe
                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                  Commandline:"C:\Program Files (x86)\UxybGYXaoQEUBfehUKyZMhhAIotVFAaIZmPWNYOBmpJQgyK\jyKJvjQuuEeSXFxWJ.exe"
                                                                                                                                                                                  Imagebase:0x1c0000
                                                                                                                                                                                  File size:140'800 bytes
                                                                                                                                                                                  MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                                                                                                                                  Has elevated privileges:false
                                                                                                                                                                                  Has administrator privileges:false
                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                  Has exited:false

                                                                                                                                                                                  Target ID:33
                                                                                                                                                                                  Start time:15:36:21
                                                                                                                                                                                  Start date:06/02/2024
                                                                                                                                                                                  Path:C:\Program Files (x86)\UxybGYXaoQEUBfehUKyZMhhAIotVFAaIZmPWNYOBmpJQgyK\jyKJvjQuuEeSXFxWJ.exe
                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                  Commandline:"C:\Program Files (x86)\UxybGYXaoQEUBfehUKyZMhhAIotVFAaIZmPWNYOBmpJQgyK\jyKJvjQuuEeSXFxWJ.exe"
                                                                                                                                                                                  Imagebase:0x1c0000
                                                                                                                                                                                  File size:140'800 bytes
                                                                                                                                                                                  MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                                                                                                                                  Has elevated privileges:false
                                                                                                                                                                                  Has administrator privileges:false
                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                  Has exited:false

                                                                                                                                                                                  Target ID:34
                                                                                                                                                                                  Start time:15:36:22
                                                                                                                                                                                  Start date:06/02/2024
                                                                                                                                                                                  Path:C:\Program Files (x86)\UxybGYXaoQEUBfehUKyZMhhAIotVFAaIZmPWNYOBmpJQgyK\jyKJvjQuuEeSXFxWJ.exe
                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                  Commandline:"C:\Program Files (x86)\UxybGYXaoQEUBfehUKyZMhhAIotVFAaIZmPWNYOBmpJQgyK\jyKJvjQuuEeSXFxWJ.exe"
                                                                                                                                                                                  Imagebase:0x1c0000
                                                                                                                                                                                  File size:140'800 bytes
                                                                                                                                                                                  MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                                                                                                                                  Has elevated privileges:false
                                                                                                                                                                                  Has administrator privileges:false
                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                  Has exited:false

                                                                                                                                                                                  Target ID:35
                                                                                                                                                                                  Start time:15:36:22
                                                                                                                                                                                  Start date:06/02/2024
                                                                                                                                                                                  Path:C:\Users\user\AppData\Local\Programs\Opera GX\launcher.exe
                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                  Commandline:"C:\Users\user\AppData\Local\Programs\Opera GX\launcher.exe" --scheduledautoupdate 0
                                                                                                                                                                                  Imagebase:0x7ff64ab80000
                                                                                                                                                                                  File size:2'294'176 bytes
                                                                                                                                                                                  MD5 hash:C76F1E24C27D10347C3851ED2B7767C4
                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                  Antivirus matches:
                                                                                                                                                                                  • Detection: 0%, ReversingLabs
                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                  Target ID:37
                                                                                                                                                                                  Start time:15:36:23
                                                                                                                                                                                  Start date:06/02/2024
                                                                                                                                                                                  Path:C:\Program Files (x86)\UxybGYXaoQEUBfehUKyZMhhAIotVFAaIZmPWNYOBmpJQgyK\jyKJvjQuuEeSXFxWJ.exe
                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                  Commandline:"C:\Program Files (x86)\UxybGYXaoQEUBfehUKyZMhhAIotVFAaIZmPWNYOBmpJQgyK\jyKJvjQuuEeSXFxWJ.exe"
                                                                                                                                                                                  Imagebase:0x1c0000
                                                                                                                                                                                  File size:140'800 bytes
                                                                                                                                                                                  MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                                                                                                                                  Has elevated privileges:false
                                                                                                                                                                                  Has administrator privileges:false
                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                  Has exited:false

                                                                                                                                                                                  Target ID:38
                                                                                                                                                                                  Start time:15:36:23
                                                                                                                                                                                  Start date:06/02/2024
                                                                                                                                                                                  Path:C:\Users\user\AppData\Local\Programs\Opera GX\launcher.exe
                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                  Commandline:"C:\Users\user\AppData\Local\Programs\Opera GX\launcher.exe" --start-maximized
                                                                                                                                                                                  Imagebase:0x7ff64ab80000
                                                                                                                                                                                  File size:2'294'176 bytes
                                                                                                                                                                                  MD5 hash:C76F1E24C27D10347C3851ED2B7767C4
                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                  Target ID:39
                                                                                                                                                                                  Start time:15:36:23
                                                                                                                                                                                  Start date:06/02/2024
                                                                                                                                                                                  Path:C:\Program Files (x86)\UxybGYXaoQEUBfehUKyZMhhAIotVFAaIZmPWNYOBmpJQgyK\jyKJvjQuuEeSXFxWJ.exe
                                                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                                                  Commandline:"C:\Program Files (x86)\UxybGYXaoQEUBfehUKyZMhhAIotVFAaIZmPWNYOBmpJQgyK\jyKJvjQuuEeSXFxWJ.exe"
                                                                                                                                                                                  Imagebase:0x1c0000
                                                                                                                                                                                  File size:140'800 bytes
                                                                                                                                                                                  MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                                                                                                                                  Has elevated privileges:false
                                                                                                                                                                                  Has administrator privileges:false
                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                  Has exited:false

                                                                                                                                                                                  Target ID:40
                                                                                                                                                                                  Start time:15:36:23
                                                                                                                                                                                  Start date:06/02/2024
                                                                                                                                                                                  Path:C:\Users\user\AppData\Local\Temp\.opera\BDDCE5348F09\installer.exe
                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                  Commandline:"C:\Users\user\AppData\Local\Temp\.opera\BDDCE5348F09\installer.exe" --version
                                                                                                                                                                                  Imagebase:0x7ff7f2460000
                                                                                                                                                                                  File size:6'896'544 bytes
                                                                                                                                                                                  MD5 hash:38CA4FA9A427D35D0F3229E784ABACD8
                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                  Has exited:true

                                                                                                                                                                                    Execution Graph

                                                                                                                                                                                    Execution Coverage:22.9%
                                                                                                                                                                                    Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                    Signature Coverage:22.8%
                                                                                                                                                                                    Total number of Nodes:1225
                                                                                                                                                                                    Total number of Limit Nodes:35
4040de 6 API calls 2696->2704 2697->2693 2705 40413c 2697->2705 2698 403f72 2701 403dbe 19 API calls 2698->2701 2723 403de0 KiUserCallbackDispatcher 2699->2723 2703 403f7f CheckDlgButton 2701->2703 2702 404167 2721 403de0 KiUserCallbackDispatcher 2703->2721 2704->2697 2708 404142 SendMessageA 2705->2708 2709 404153 2705->2709 2708->2709 2709->2702 2712 404159 SendMessageA 2709->2712 2710 404093 2724 404191 2710->2724 2711 403f9d GetDlgItem 2722 403df3 SendMessageA 2711->2722 2712->2702 2715 403fb3 SendMessageA 2716 403fd1 GetSysColor 2715->2716 2717 403fda SendMessageA SendMessageA lstrlenA SendMessageA SendMessageA 2715->2717 2716->2717 2717->2702 2719 405a2e 18 API calls 2718->2719 2720 403dc9 SetDlgItemTextA 2719->2720 2720->2698 2721->2711 2722->2715 2723->2710 2725 4041a4 SendMessageA 2724->2725 2726 40419f 2724->2726 2725->2690 2726->2725 2728 403e3d GetWindowLongA 2727->2728 2738 403ec6 2727->2738 2729 403e4e 2728->2729 2728->2738 2730 403e60 2729->2730 2731 403e5d GetSysColor 2729->2731 2732 403e70 SetBkMode 2730->2732 2733 403e66 SetTextColor 2730->2733 2731->2730 2734 403e88 GetSysColor 2732->2734 2735 403e8e 2732->2735 2733->2732 2734->2735 2736 403e95 SetBkColor 2735->2736 2737 403e9f 2735->2737 2736->2737 2737->2738 2739 403eb2 DeleteObject 2737->2739 2740 403eb9 CreateBrushIndirect 2737->2740 2738->2702 2739->2740 2740->2738 3753 401b06 3754 401b13 3753->3754 3755 401b57 3753->3755 3756 4021fb 3754->3756 3763 401b2a 3754->3763 3757 401b80 GlobalAlloc 3755->3757 3758 401b5b 3755->3758 3760 405a2e 18 API calls 3756->3760 3759 405a2e 18 API calls 3757->3759 3761 401b9b 3758->3761 3774 405a0c lstrcpynA 3758->3774 3759->3761 3762 402208 3760->3762 3767 4052cd MessageBoxIndirectA 3762->3767 3772 405a0c lstrcpynA 3763->3772 3766 401b6d GlobalFree 3766->3761 3767->3761 3768 401b39 3773 405a0c lstrcpynA 3768->3773 3770 401b48 3775 405a0c lstrcpynA 3770->3775 3772->3768 3773->3770 3774->3766 3775->3761 3776 401c8a 3777 4029d9 18 API calls 3776->3777 3778 401c91 
3777->3778 3779 4029d9 18 API calls 3778->3779 3780 401c99 GetDlgItem 3779->3780 3781 4024b8 3780->3781 2909 40190d 2910 40190f 2909->2910 2911 4029f6 18 API calls 2910->2911 2912 401914 2911->2912 2915 405331 2912->2915 2957 4055e0 2915->2957 2918 405365 2921 4054a4 2918->2921 2971 405a0c lstrcpynA 2918->2971 2919 40534e DeleteFileA 2920 40191d 2919->2920 2921->2920 3006 405d07 FindFirstFileA 2921->3006 2923 40538f 2924 4053a0 2923->2924 2925 405393 lstrcatA 2923->2925 2972 405546 lstrlenA 2924->2972 2927 4053a6 2925->2927 2929 4053b4 lstrcatA 2927->2929 2930 4053ab 2927->2930 2932 4053bf lstrlenA FindFirstFileA 2929->2932 2930->2929 2930->2932 2934 40549a 2932->2934 2948 4053e3 2932->2948 2933 4054c3 3009 4054ff lstrlenA CharPrevA 2933->3009 2934->2921 2936 40552a CharNextA 2936->2948 2938 4056c4 2 API calls 2939 4054cf RemoveDirectoryA 2938->2939 2940 4054f1 2939->2940 2941 4054da 2939->2941 2942 404daa 25 API calls 2940->2942 2941->2920 2946 404daa 25 API calls 2941->2946 2942->2920 2943 405479 FindNextFileA 2945 405491 FindClose 2943->2945 2943->2948 2945->2934 2947 4054e8 2946->2947 2949 40575a 38 API calls 2947->2949 2948->2936 2948->2943 2951 405331 59 API calls 2948->2951 2954 404daa 25 API calls 2948->2954 2955 404daa 25 API calls 2948->2955 2976 405a0c lstrcpynA 2948->2976 2977 4056c4 GetFileAttributesA 2948->2977 2980 40575a 2948->2980 2952 4054ef 2949->2952 2951->2948 2952->2920 2954->2943 2955->2948 3012 405a0c lstrcpynA 2957->3012 2959 4055f1 3013 405593 CharNextA CharNextA 2959->3013 2962 405345 2962->2918 2962->2919 2963 405c6e 5 API calls 2969 405607 2963->2969 2964 405632 lstrlenA 2965 40563d 2964->2965 2964->2969 2967 4054ff 3 API calls 2965->2967 2966 405d07 2 API calls 2966->2969 2968 405642 GetFileAttributesA 2967->2968 2968->2962 2969->2962 2969->2964 2969->2966 2970 405546 2 API calls 2969->2970 2970->2964 2971->2923 2973 405553 2972->2973 2974 405564 2973->2974 2975 405558 CharPrevA 2973->2975 2974->2927 2975->2973 2975->2974 2976->2948 
2978 405446 DeleteFileA 2977->2978 2979 4056d3 SetFileAttributesA 2977->2979 2978->2948 2979->2978 3019 405d2e GetModuleHandleA 2980->3019 2983 4057c2 GetShortPathNameA 2985 4057d7 2983->2985 2986 4058b7 2983->2986 2985->2986 2988 4057df wsprintfA 2985->2988 2986->2948 2987 4057a6 CloseHandle GetShortPathNameA 2987->2986 2989 4057ba 2987->2989 2990 405a2e 18 API calls 2988->2990 2989->2983 2989->2986 2991 405807 2990->2991 3024 4056e3 GetFileAttributesA CreateFileA 2991->3024 2993 405814 2993->2986 2994 405823 GetFileSize GlobalAlloc 2993->2994 2995 4058b0 CloseHandle 2994->2995 2996 405841 ReadFile 2994->2996 2995->2986 2996->2995 2997 405855 2996->2997 2997->2995 3025 405658 lstrlenA 2997->3025 3000 4058c4 3003 405658 4 API calls 3000->3003 3001 40586a 3030 405a0c lstrcpynA 3001->3030 3004 405878 3003->3004 3005 40588b SetFilePointer WriteFile GlobalFree 3004->3005 3005->2995 3007 4054bf 3006->3007 3008 405d1d FindClose 3006->3008 3007->2920 3007->2933 3008->3007 3010 4054c9 3009->3010 3011 405519 lstrcatA 3009->3011 3010->2938 3011->3010 3012->2959 3014 4055ad 3013->3014 3018 4055b9 3013->3018 3015 4055b4 CharNextA 3014->3015 3014->3018 3016 4055d6 3015->3016 3016->2962 3016->2963 3017 40552a CharNextA 3017->3018 3018->3016 3018->3017 3020 405d55 GetProcAddress 3019->3020 3021 405d4a LoadLibraryA 3019->3021 3022 405765 3020->3022 3021->3020 3021->3022 3022->2983 3022->2986 3023 4056e3 GetFileAttributesA CreateFileA 3022->3023 3023->2987 3024->2993 3026 40568e lstrlenA 3025->3026 3027 405698 3026->3027 3028 40566c lstrcmpiA 3026->3028 3027->3000 3027->3001 3028->3027 3029 405685 CharNextA 3028->3029 3029->3026 3030->3004 3782 403513 3783 40351e 3782->3783 3784 403522 3783->3784 3785 403525 GlobalAlloc 3783->3785 3785->3784 3786 402615 3787 402618 3786->3787 3791 402630 3786->3791 3788 402625 FindNextFileA 3787->3788 3789 40266f 3788->3789 3788->3791 3792 405a0c lstrcpynA 3789->3792 3792->3791 3793 401595 3794 4029f6 18 API calls 3793->3794 3795 40159c 
SetFileAttributesA 3794->3795 3796 4015ae 3795->3796 3797 401d95 3798 4029d9 18 API calls 3797->3798 3799 401d9b 3798->3799 3800 4029d9 18 API calls 3799->3800 3801 401da4 3800->3801 3802 401db6 EnableWindow 3801->3802 3803 401dab ShowWindow 3801->3803 3804 40288b 3802->3804 3803->3804 3805 401e95 3806 4029f6 18 API calls 3805->3806 3807 401e9c 3806->3807 3808 405d07 2 API calls 3807->3808 3809 401ea2 3808->3809 3811 401eb4 3809->3811 3812 40596a wsprintfA 3809->3812 3812->3811 3813 401696 3814 4029f6 18 API calls 3813->3814 3815 40169c GetFullPathNameA 3814->3815 3816 4016d4 3815->3816 3817 4016b3 3815->3817 3818 4016e8 GetShortPathNameA 3816->3818 3819 40288b 3816->3819 3817->3816 3820 405d07 2 API calls 3817->3820 3818->3819 3821 4016c4 3820->3821 3821->3816 3823 405a0c lstrcpynA 3821->3823 3823->3816 3377 401e1b 3378 4029f6 18 API calls 3377->3378 3379 401e21 3378->3379 3380 404daa 25 API calls 3379->3380 3381 401e2b 3380->3381 3382 40526c 2 API calls 3381->3382 3386 401e31 3382->3386 3383 401e87 CloseHandle 3385 40265c 3383->3385 3384 401e50 WaitForSingleObject 3384->3386 3387 401e5e GetExitCodeProcess 3384->3387 3386->3383 3386->3384 3386->3385 3388 405d67 2 API calls 3386->3388 3389 401e70 3387->3389 3390 401e7b 3387->3390 3388->3384 3393 40596a wsprintfA 3389->3393 3390->3383 3392 401e79 3390->3392 3392->3383 3393->3392 3824 401d1b GetDC GetDeviceCaps 3825 4029d9 18 API calls 3824->3825 3826 401d37 MulDiv 3825->3826 3827 4029d9 18 API calls 3826->3827 3828 401d4c 3827->3828 3829 405a2e 18 API calls 3828->3829 3830 401d85 CreateFontIndirectA 3829->3830 3831 4024b8 3830->3831 3832 40249c 3833 4029f6 18 API calls 3832->3833 3834 4024a3 3833->3834 3837 4056e3 GetFileAttributesA CreateFileA 3834->3837 3836 4024af 3837->3836 3838 402020 3839 4029f6 18 API calls 3838->3839 3840 402027 3839->3840 3841 4029f6 18 API calls 3840->3841 3842 402031 3841->3842 3843 4029f6 18 API calls 3842->3843 3844 40203a 3843->3844 3845 4029f6 18 API calls 3844->3845 3846 402044 
3845->3846 3847 4029f6 18 API calls 3846->3847 3849 40204e 3847->3849 3848 402062 CoCreateInstance 3853 402081 3848->3853 3854 402137 3848->3854 3849->3848 3850 4029f6 18 API calls 3849->3850 3850->3848 3851 401423 25 API calls 3852 402169 3851->3852 3853->3854 3855 402116 MultiByteToWideChar 3853->3855 3854->3851 3854->3852 3855->3854 2620 401721 2626 4029f6 2620->2626 2624 40172f 2625 405712 2 API calls 2624->2625 2625->2624 2627 402a02 2626->2627 2636 405a2e 2627->2636 2630 401728 2632 405712 2630->2632 2633 40571d GetTickCount GetTempFileNameA 2632->2633 2634 405749 2633->2634 2635 40574d 2633->2635 2634->2633 2634->2635 2635->2624 2648 405a3b 2636->2648 2637 405c55 2638 402a23 2637->2638 2671 405a0c lstrcpynA 2637->2671 2638->2630 2655 405c6e 2638->2655 2640 405ad3 GetVersion 2647 405ae0 2640->2647 2641 405c2c lstrlenA 2641->2648 2644 405a2e 10 API calls 2644->2641 2646 405b4b GetSystemDirectoryA 2646->2647 2647->2646 2647->2648 2649 405b5e GetWindowsDirectoryA 2647->2649 2651 405a2e 10 API calls 2647->2651 2652 405bd5 lstrcatA 2647->2652 2653 405b92 SHGetSpecialFolderLocation 2647->2653 2664 4058f3 RegOpenKeyExA 2647->2664 2648->2637 2648->2640 2648->2641 2648->2644 2650 405c6e 5 API calls 2648->2650 2669 40596a wsprintfA 2648->2669 2670 405a0c lstrcpynA 2648->2670 2649->2647 2650->2648 2651->2647 2652->2648 2653->2647 2654 405baa SHGetPathFromIDListA CoTaskMemFree 2653->2654 2654->2647 2661 405c7a 2655->2661 2656 405ce6 CharPrevA 2659 405ce2 2656->2659 2657 405cd7 CharNextA 2657->2659 2657->2661 2659->2656 2660 405d01 2659->2660 2660->2630 2661->2657 2661->2659 2662 405cc5 CharNextA 2661->2662 2663 405cd2 CharNextA 2661->2663 2672 40552a 2661->2672 2662->2661 2663->2657 2665 405964 2664->2665 2666 405926 RegQueryValueExA 2664->2666 2665->2647 2667 405947 RegCloseKey 2666->2667 2667->2665 2669->2648 2670->2648 2671->2638 2673 405530 2672->2673 2674 405543 2673->2674 2675 405536 CharNextA 2673->2675 2674->2661 2675->2673 3856 401922 3857 4029f6 18 API calls 
3856->3857 3858 401929 lstrlenA 3857->3858 3859 4024b8 3858->3859 3860 402223 3861 40222b 3860->3861 3864 402231 3860->3864 3862 4029f6 18 API calls 3861->3862 3862->3864 3863 402241 3866 40224f 3863->3866 3867 4029f6 18 API calls 3863->3867 3864->3863 3865 4029f6 18 API calls 3864->3865 3865->3863 3868 4029f6 18 API calls 3866->3868 3867->3866 3869 402258 WritePrivateProfileStringA 3868->3869 3870 401ca5 3871 4029d9 18 API calls 3870->3871 3872 401cb5 SetWindowLongA 3871->3872 3873 40288b 3872->3873 3874 401a26 3875 4029d9 18 API calls 3874->3875 3876 401a2c 3875->3876 3877 4029d9 18 API calls 3876->3877 3878 4019d6 3877->3878 2741 402427 2751 402b00 2741->2751 2743 402431 2744 4029d9 18 API calls 2743->2744 2745 40243a 2744->2745 2746 402451 RegEnumKeyA 2745->2746 2747 40245d RegEnumValueA 2745->2747 2749 40265c 2745->2749 2748 402476 RegCloseKey 2746->2748 2747->2748 2747->2749 2748->2749 2752 4029f6 18 API calls 2751->2752 2753 402b19 2752->2753 2754 402b27 RegOpenKeyExA 2753->2754 2754->2743 3879 4022a7 3880 4022d7 3879->3880 3881 4022ac 3879->3881 3883 4029f6 18 API calls 3880->3883 3882 402b00 19 API calls 3881->3882 3884 4022b3 3882->3884 3885 4022de 3883->3885 3886 4022f4 3884->3886 3887 4029f6 18 API calls 3884->3887 3890 402a36 RegOpenKeyExA 3885->3890 3889 4022c4 RegDeleteValueA RegCloseKey 3887->3889 3889->3886 3893 402a61 3890->3893 3899 402aad 3890->3899 3891 402a87 RegEnumKeyA 3892 402a99 RegCloseKey 3891->3892 3891->3893 3895 405d2e 3 API calls 3892->3895 3893->3891 3893->3892 3894 402abe RegCloseKey 3893->3894 3896 402a36 3 API calls 3893->3896 3894->3899 3897 402aa9 3895->3897 3896->3893 3898 402ad9 RegDeleteKeyA 3897->3898 3897->3899 3898->3899 3899->3886 3031 401bad 3032 4029d9 18 API calls 3031->3032 3033 401bb4 3032->3033 3034 4029d9 18 API calls 3033->3034 3035 401bbe 3034->3035 3036 4029f6 18 API calls 3035->3036 3038 401bce 3035->3038 3036->3038 3037 401bde 3039 401be9 3037->3039 3040 401c2d 3037->3040 3038->3037 3041 4029f6 18 API calls 
3038->3041 3042 4029d9 18 API calls 3039->3042 3043 4029f6 18 API calls 3040->3043 3041->3037 3044 401bee 3042->3044 3045 401c32 3043->3045 3046 4029d9 18 API calls 3044->3046 3047 4029f6 18 API calls 3045->3047 3048 401bf7 3046->3048 3049 401c3b FindWindowExA 3047->3049 3050 401c1d SendMessageA 3048->3050 3051 401bff SendMessageTimeoutA 3048->3051 3052 401c59 3049->3052 3050->3052 3051->3052 3900 4023af 3901 402b00 19 API calls 3900->3901 3902 4023b9 3901->3902 3903 4029f6 18 API calls 3902->3903 3904 4023c2 3903->3904 3905 4023cc RegQueryValueExA 3904->3905 3906 40265c 3904->3906 3907 4023f2 RegCloseKey 3905->3907 3908 4023ec 3905->3908 3907->3906 3908->3907 3911 40596a wsprintfA 3908->3911 3911->3907 3912 404531 3913 404541 3912->3913 3914 40455d 3912->3914 3923 4052b1 GetDlgItemTextA 3913->3923 3916 404590 3914->3916 3917 404563 SHGetPathFromIDListA 3914->3917 3919 40457a SendMessageA 3917->3919 3920 404573 3917->3920 3918 40454e SendMessageA 3918->3914 3919->3916 3922 40140b 2 API calls 3920->3922 3922->3919 3923->3918 3074 4015b3 3075 4029f6 18 API calls 3074->3075 3076 4015ba 3075->3076 3077 405593 4 API calls 3076->3077 3078 4015c2 3077->3078 3079 40160a 3078->3079 3080 40552a CharNextA 3078->3080 3081 40162d 3079->3081 3082 40160f 3079->3082 3083 4015d0 CreateDirectoryA 3080->3083 3086 401423 25 API calls 3081->3086 3084 401423 25 API calls 3082->3084 3083->3078 3085 4015e5 GetLastError 3083->3085 3087 401616 3084->3087 3085->3078 3089 4015f2 GetFileAttributesA 3085->3089 3090 402169 3086->3090 3092 405a0c lstrcpynA 3087->3092 3089->3078 3091 401621 SetCurrentDirectoryA 3091->3090 3092->3091 3093 401734 3094 4029f6 18 API calls 3093->3094 3095 40173b 3094->3095 3096 401761 3095->3096 3097 401759 3095->3097 3156 405a0c lstrcpynA 3096->3156 3155 405a0c lstrcpynA 3097->3155 3100 40175f 3104 405c6e 5 API calls 3100->3104 3101 40176c 3102 4054ff 3 API calls 3101->3102 3103 401772 lstrcatA 3102->3103 3103->3100 3111 40177e 3104->3111 3105 405d07 2 API calls 
3105->3111 3106 4017bf 3107 4056c4 2 API calls 3106->3107 3107->3111 3109 401795 CompareFileTime 3109->3111 3110 401859 3112 404daa 25 API calls 3110->3112 3111->3105 3111->3106 3111->3109 3111->3110 3114 405a0c lstrcpynA 3111->3114 3120 405a2e 18 API calls 3111->3120 3132 401830 3111->3132 3133 4056e3 GetFileAttributesA CreateFileA 3111->3133 3157 4052cd 3111->3157 3115 401863 3112->3115 3113 404daa 25 API calls 3119 401845 3113->3119 3114->3111 3134 402e5b 3115->3134 3117 401876 3118 40188a SetFileTime 3117->3118 3121 40189c CloseHandle 3117->3121 3118->3121 3120->3111 3122 40220e 3121->3122 3123 4018ad 3121->3123 3122->3119 3124 4018b2 3123->3124 3125 4018c5 3123->3125 3127 405a2e 18 API calls 3124->3127 3126 405a2e 18 API calls 3125->3126 3128 4018cd 3126->3128 3130 4018ba lstrcatA 3127->3130 3131 4052cd MessageBoxIndirectA 3128->3131 3130->3128 3131->3122 3132->3113 3132->3119 3133->3111 3135 402e71 3134->3135 3136 402e9f 3135->3136 3163 4030af SetFilePointer 3135->3163 3161 40307d ReadFile 3136->3161 3140 402ffc 3140->3117 3141 403011 3143 403015 3141->3143 3144 40302d 3141->3144 3142 402ebc GetTickCount 3142->3140 3147 402f0b 3142->3147 3146 40307d ReadFile 3143->3146 3144->3140 3148 40307d ReadFile 3144->3148 3149 403048 WriteFile 3144->3149 3145 40307d ReadFile 3145->3147 3146->3140 3147->3140 3147->3145 3151 402f61 GetTickCount 3147->3151 3152 402f86 MulDiv wsprintfA 3147->3152 3154 402fc4 WriteFile 3147->3154 3148->3144 3149->3140 3150 40305d 3149->3150 3150->3140 3150->3144 3151->3147 3153 404daa 25 API calls 3152->3153 3153->3147 3154->3140 3154->3147 3155->3100 3156->3101 3158 4052e2 3157->3158 3159 4052f6 MessageBoxIndirectA 3158->3159 3160 40532e 3158->3160 3159->3160 3160->3111 3162 402eaa 3161->3162 3162->3140 3162->3141 3162->3142 3163->3136 3924 401634 3925 4029f6 18 API calls 3924->3925 3926 40163a 3925->3926 3927 405d07 2 API calls 3926->3927 3928 401640 3927->3928 3929 401934 3930 4029d9 18 API calls 3929->3930 3931 40193b 3930->3931 3932 
4029d9 18 API calls 3931->3932 3933 401945 3932->3933 3934 4029f6 18 API calls 3933->3934 3935 40194e 3934->3935 3936 401961 lstrlenA 3935->3936 3937 40199c 3935->3937 3938 40196b 3936->3938 3938->3937 3942 405a0c lstrcpynA 3938->3942 3940 401985 3940->3937 3941 401992 lstrlenA 3940->3941 3941->3937 3942->3940 3943 4041b5 3944 4041c5 3943->3944 3945 4041eb 3943->3945 3946 403dbe 19 API calls 3944->3946 3947 403e25 8 API calls 3945->3947 3948 4041d2 SetDlgItemTextA 3946->3948 3949 4041f7 3947->3949 3948->3945 3950 4019b5 3951 4029f6 18 API calls 3950->3951 3952 4019bc 3951->3952 3953 4029f6 18 API calls 3952->3953 3954 4019c5 3953->3954 3955 4019cc lstrcmpiA 3954->3955 3956 4019de lstrcmpA 3954->3956 3957 4019d2 3955->3957 3956->3957 3958 4014b7 3959 4014bd 3958->3959 3960 401389 2 API calls 3959->3960 3961 4014c5 3960->3961 3962 402b3b 3963 402b63 3962->3963 3964 402b4a SetTimer 3962->3964 3965 402bb8 3963->3965 3966 402b7d MulDiv wsprintfA SetWindowTextA SetDlgItemTextA 3963->3966 3964->3963 3966->3965 3967 40263e 3968 4029f6 18 API calls 3967->3968 3969 402645 FindFirstFileA 3968->3969 3970 402668 3969->3970 3973 402658 3969->3973 3971 40266f 3970->3971 3975 40596a wsprintfA 3970->3975 3976 405a0c lstrcpynA 3971->3976 3975->3971 3976->3973 3977 4024be 3978 4024c3 3977->3978 3979 4024d4 3977->3979 3980 4029d9 18 API calls 3978->3980 3981 4029f6 18 API calls 3979->3981 3983 4024ca 3980->3983 3982 4024db lstrlenA 3981->3982 3982->3983 3984 4024fa WriteFile 3983->3984 3985 40265c 3983->3985 3984->3985

Control-flow Graph
                                                                                                                                                                                    APIs
                                                                                                                                                                                    • #17.COMCTL32 ref: 00403119
                                                                                                                                                                                    • SetErrorMode.KERNEL32(00008001), ref: 00403124
                                                                                                                                                                                    • OleInitialize.OLE32(00000000), ref: 0040312B
                                                                                                                                                                                      • Part of subcall function 00405D2E: GetModuleHandleA.KERNEL32(?,?,00000000,0040313D,00000008), ref: 00405D40
                                                                                                                                                                                      • Part of subcall function 00405D2E: LoadLibraryA.KERNEL32(?,?,00000000,0040313D,00000008), ref: 00405D4B
                                                                                                                                                                                      • Part of subcall function 00405D2E: GetProcAddress.KERNEL32(00000000,?), ref: 00405D5C
                                                                                                                                                                                    • SHGetFileInfoA.SHELL32(00428F98,00000000,?,00000160,00000000,00000008), ref: 00403153
                                                                                                                                                                                      • Part of subcall function 00405A0C: lstrcpynA.KERNEL32(?,?,00000400,00403168,Advanced System Repair Pro 2002 Portable Optimization SCloudWS.exe,NSIS Error), ref: 00405A19
                                                                                                                                                                                    • GetCommandLineA.KERNEL32(Advanced System Repair Pro 2002 Portable Optimization SCloudWS.exe,NSIS Error), ref: 00403168
                                                                                                                                                                                    • GetModuleHandleA.KERNEL32(00000000,"C:\Users\user\AppData\Local\Temp\is-9A6TD.tmp\setup.exe",00000000), ref: 0040317B
                                                                                                                                                                                    • CharNextA.USER32(00000000,"C:\Users\user\AppData\Local\Temp\is-9A6TD.tmp\setup.exe",00000020), ref: 004031A6
                                                                                                                                                                                    • GetTempPathA.KERNEL32(00000400,C:\Users\user\AppData\Local\Temp\,00000000,00000020), ref: 00403239
                                                                                                                                                                                    • GetWindowsDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\,000003FB), ref: 0040324E
                                                                                                                                                                                    • lstrcatA.KERNEL32(C:\Users\user\AppData\Local\Temp\,\Temp), ref: 0040325A
                                                                                                                                                                                    • DeleteFileA.KERNEL32(1033), ref: 0040326D
                                                                                                                                                                                    • OleUninitialize.OLE32(00000000), ref: 004032EB
                                                                                                                                                                                    • ExitProcess.KERNEL32 ref: 0040330B
                                                                                                                                                                                    • lstrcatA.KERNEL32(C:\Users\user\AppData\Local\Temp\,~nsu.tmp,"C:\Users\user\AppData\Local\Temp\is-9A6TD.tmp\setup.exe",00000000,00000000), ref: 00403317
                                                                                                                                                                                    • lstrcmpiA.KERNEL32(C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\is-9A6TD.tmp), ref: 00403323
                                                                                                                                                                                    • CreateDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\,00000000), ref: 0040332F
                                                                                                                                                                                    • SetCurrentDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\), ref: 00403336
                                                                                                                                                                                    • DeleteFileA.KERNEL32(00428B98,00428B98,?,0042F000,?), ref: 00403380
                                                                                                                                                                                    • CopyFileA.KERNEL32(C:\Users\user\AppData\Local\Temp\is-9A6TD.tmp\setup.exe,00428B98,00000001), ref: 00403394
                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000,00428B98,00428B98,?,00428B98,00000000), ref: 004033C1
                                                                                                                                                                                    • GetCurrentProcess.KERNEL32(00000028,?,00000005,00000004,00000003), ref: 00403416
                                                                                                                                                                                    • ExitWindowsEx.USER32(00000002,00000000), ref: 00403452
                                                                                                                                                                                    • ExitProcess.KERNEL32 ref: 00403475
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000002.00000002.2888058311.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_setup.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: File$DirectoryExitHandleProcess$CurrentDeleteModuleWindowslstrcat$AddressCharCloseCommandCopyCreateErrorInfoInitializeLibraryLineLoadModeNextPathProcTempUninitializelstrcmpilstrcpyn
                                                                                                                                                                                    • String ID: /D=$ _?=$"$"C:\Users\user\AppData\Local\Temp\is-9A6TD.tmp\setup.exe"$1033$Advanced System Repair Pro 2002 Portable Optimization SCloudWS.exe$C:\Users\user\AppData\Local\Temp\$C:\Users\user\AppData\Local\Temp\is-9A6TD.tmp$C:\Users\user\AppData\Local\Temp\is-9A6TD.tmp\setup.exe$Error launching installer$NCRC$NSIS Error$SeShutdownPrivilege$\Temp$~nsu.tmp
                                                                                                                                                                                    • API String ID: 2278157092-3142606589
                                                                                                                                                                                    • Opcode ID: 9988b600495c781106425a2b08430f5b13329de60f627557ffae5bbab9d6a54a
                                                                                                                                                                                    • Instruction ID: 1e9e478c3a9e7f3573a82b9cae4fcf3dc9ecc54075f91e84b1854e8c20532e3f
                                                                                                                                                                                    • Opcode Fuzzy Hash: 9988b600495c781106425a2b08430f5b13329de60f627557ffae5bbab9d6a54a
                                                                                                                                                                                    • Instruction Fuzzy Hash: 4191D130A08344AFE7216F61AD4AB6B7E9CEB0530AF04057FF541B61D2C77C99058B6E
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • GetDlgItem.USER32(?,00000403), ref: 00404F47
                                                                                                                                                                                    • GetDlgItem.USER32(?,000003EE), ref: 00404F56
                                                                                                                                                                                    • GetClientRect.USER32(?,?), ref: 00404F93
                                                                                                                                                                                    • GetSystemMetrics.USER32(00000015), ref: 00404F9B
                                                                                                                                                                                    • SendMessageA.USER32(?,0000101B,00000000,00000002), ref: 00404FBC
                                                                                                                                                                                    • SendMessageA.USER32(?,00001036,00004000,00004000), ref: 00404FCD
                                                                                                                                                                                    • SendMessageA.USER32(?,00001001,00000000,00000110), ref: 00404FE0
                                                                                                                                                                                    • SendMessageA.USER32(?,00001026,00000000,00000110), ref: 00404FEE
                                                                                                                                                                                    • SendMessageA.USER32(?,00001024,00000000,?), ref: 00405001
                                                                                                                                                                                    • ShowWindow.USER32(00000000,?,0000001B,000000FF), ref: 00405023
                                                                                                                                                                                    • ShowWindow.USER32(?,00000008), ref: 00405037
                                                                                                                                                                                    • GetDlgItem.USER32(?,000003EC), ref: 00405058
                                                                                                                                                                                    • SendMessageA.USER32(00000000,00000401,00000000,75300000), ref: 00405068
                                                                                                                                                                                    • SendMessageA.USER32(00000000,00000409,00000000,?), ref: 00405081
                                                                                                                                                                                    • SendMessageA.USER32(00000000,00002001,00000000,00000110), ref: 0040508D
                                                                                                                                                                                    • GetDlgItem.USER32(?,000003F8), ref: 00404F65
                                                                                                                                                                                      • Part of subcall function 00403DF3: SendMessageA.USER32(00000028,?,00000001,00403C24), ref: 00403E01
                                                                                                                                                                                    • GetDlgItem.USER32(?,000003EC), ref: 004050AA
                                                                                                                                                                                    • CreateThread.KERNEL32(00000000,00000000,Function_00004E7C,00000000), ref: 004050B8
                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 004050BF
                                                                                                                                                                                    • ShowWindow.USER32(00000000), ref: 004050E3
                                                                                                                                                                                    • ShowWindow.USER32(000B0296,00000008), ref: 004050E8
                                                                                                                                                                                    • ShowWindow.USER32(00000008), ref: 0040512F
                                                                                                                                                                                    • SendMessageA.USER32(000B0296,00001004,00000000,00000000), ref: 00405161
                                                                                                                                                                                    • CreatePopupMenu.USER32 ref: 00405172
                                                                                                                                                                                    • AppendMenuA.USER32(00000000,00000000,00000001,00000000), ref: 00405187
                                                                                                                                                                                    • GetWindowRect.USER32(000B0296,?), ref: 0040519A
                                                                                                                                                                                    • TrackPopupMenu.USER32(00000000,00000180,?,?,00000000,?,00000000), ref: 004051BE
                                                                                                                                                                                    • SendMessageA.USER32(?,0000102D,00000000,?), ref: 004051F9
                                                                                                                                                                                    • OpenClipboard.USER32(00000000), ref: 00405209
                                                                                                                                                                                    • EmptyClipboard.USER32 ref: 0040520F
                                                                                                                                                                                    • GlobalAlloc.KERNEL32(00000042,?,?,?,00000000,?,00000000), ref: 00405218
                                                                                                                                                                                    • GlobalLock.KERNEL32(00000000,?,?,00000000,?,00000000), ref: 00405222
                                                                                                                                                                                    • SendMessageA.USER32(?,0000102D,00000000,?), ref: 00405236
                                                                                                                                                                                    • GlobalUnlock.KERNEL32(00000000,?,?,00000000,?,00000000), ref: 0040524E
                                                                                                                                                                                    • SetClipboardData.USER32(00000001,00000000), ref: 00405259
                                                                                                                                                                                    • CloseClipboard.USER32 ref: 0040525F
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000002.00000002.2888058311.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_setup.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: MessageSend$Window$ItemShow$Clipboard$GlobalMenu$CloseCreatePopupRect$AllocAppendClientDataEmptyHandleLockMetricsOpenSystemThreadTrackUnlock
                                                                                                                                                                                    • String ID: {
                                                                                                                                                                                    • API String ID: 590372296-366298937
                                                                                                                                                                                    • Opcode ID: 6c62450fa0967b3b33bc5117e26d6a8490ed76434340b7c86020486cdcf90b55
                                                                                                                                                                                    • Instruction ID: ecf959edf644124ae9a18d4fa2a520563b4821934e06b5e1f2851b0e4fc8d151
                                                                                                                                                                                    • Opcode Fuzzy Hash: 6c62450fa0967b3b33bc5117e26d6a8490ed76434340b7c86020486cdcf90b55
                                                                                                                                                                                    • Instruction Fuzzy Hash: FBA14870900208BFEB219FA1DD89AAE7F79FB08355F40407AFA05AA2A0C7755E41DF59
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • DeleteFileA.KERNEL32(?,?,"C:\Users\user\AppData\Local\Temp\is-9A6TD.tmp\setup.exe",00000000), ref: 0040534F
                                                                                                                                                                                    • lstrcatA.KERNEL32(0042AFE8,\*.*,0042AFE8,?,00000000,?,"C:\Users\user\AppData\Local\Temp\is-9A6TD.tmp\setup.exe",00000000), ref: 00405399
                                                                                                                                                                                    • lstrcatA.KERNEL32(?,00409010,?,0042AFE8,?,00000000,?,"C:\Users\user\AppData\Local\Temp\is-9A6TD.tmp\setup.exe",00000000), ref: 004053BA
                                                                                                                                                                                    • lstrlenA.KERNEL32(?,?,00409010,?,0042AFE8,?,00000000,?,"C:\Users\user\AppData\Local\Temp\is-9A6TD.tmp\setup.exe",00000000), ref: 004053C0
                                                                                                                                                                                    • FindFirstFileA.KERNEL32(0042AFE8,?,?,?,00409010,?,0042AFE8,?,00000000,?,"C:\Users\user\AppData\Local\Temp\is-9A6TD.tmp\setup.exe",00000000), ref: 004053D1
                                                                                                                                                                                    • FindNextFileA.KERNEL32(?,00000010,000000F2,?), ref: 00405483
                                                                                                                                                                                    • FindClose.KERNEL32(?), ref: 00405494
                                                                                                                                                                                    Strings
                                                                                                                                                                                    • C:\Users\user\AppData\Local\Temp\, xrefs: 00405331
                                                                                                                                                                                    • "C:\Users\user\AppData\Local\Temp\is-9A6TD.tmp\setup.exe", xrefs: 0040533B
                                                                                                                                                                                    • \*.*, xrefs: 00405393
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000002.00000002.2888058311.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_setup.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: FileFind$lstrcat$CloseDeleteFirstNextlstrlen
                                                                                                                                                                                    • String ID: "C:\Users\user\AppData\Local\Temp\is-9A6TD.tmp\setup.exe"$C:\Users\user\AppData\Local\Temp\$\*.*
                                                                                                                                                                                    • API String ID: 2035342205-1800141610
                                                                                                                                                                                    • Opcode ID: b778f4df6c3ea36ec1bf6fe39425abeadae869adb7d322eb3c14e747a76553d7
                                                                                                                                                                                    • Instruction ID: 46a167c19d0f92bb62e791f7a1b0a3e0954e7dde2177130d433e16ae92940f3d
                                                                                                                                                                                    • Opcode Fuzzy Hash: b778f4df6c3ea36ec1bf6fe39425abeadae869adb7d322eb3c14e747a76553d7
                                                                                                                                                                                    • Instruction Fuzzy Hash: 84510130904A5476DB21AB218C85BFF3A68DF4231AF14813BF941752D2C77C49C2DE5E
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • GetModuleHandleA.KERNEL32(?,?,00000000,0040313D,00000008), ref: 00405D40
                                                                                                                                                                                    • LoadLibraryA.KERNEL32(?,?,00000000,0040313D,00000008), ref: 00405D4B
                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,?), ref: 00405D5C
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000002.00000002.2888058311.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_setup.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: AddressHandleLibraryLoadModuleProc
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID: 310444273-0
                                                                                                                                                                                    • Opcode ID: 7acfb344228b968400b962badda7c36266698eee5c55508006b44164a923ef80
                                                                                                                                                                                    • Instruction ID: 58781945b1ebe0d6425232f008294b0fb1b641fb0524d4e5e5734917004db801
                                                                                                                                                                                    • Opcode Fuzzy Hash: 7acfb344228b968400b962badda7c36266698eee5c55508006b44164a923ef80
                                                                                                                                                                                    • Instruction Fuzzy Hash: 8CE08C36A04510BBD3215B30AE08A6B73ACEEC9B41304897EF615F6251D734AC11DBBA
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • FindFirstFileA.KERNEL32(?,0042C030,0042B3E8,00405623,0042B3E8,0042B3E8,00000000,0042B3E8,0042B3E8,?,?,00000000,00405345,?,"C:\Users\user\AppData\Local\Temp\is-9A6TD.tmp\setup.exe",00000000), ref: 00405D12
                                                                                                                                                                                    • FindClose.KERNEL32(00000000), ref: 00405D1E
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000002.00000002.2888058311.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_setup.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: Find$CloseFileFirst
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID: 2295610775-0
                                                                                                                                                                                    • Opcode ID: 0ba34ad688579e7913e3aeb04dcfdbb9c24dd4cd636fec125d72bd6057fbbed4
                                                                                                                                                                                    • Instruction ID: 6bc8dc8487d68019062fb65c0caa7a5850599756ae9c65598668cc32d68c0862
                                                                                                                                                                                    • Opcode Fuzzy Hash: 0ba34ad688579e7913e3aeb04dcfdbb9c24dd4cd636fec125d72bd6057fbbed4
                                                                                                                                                                                    • Instruction Fuzzy Hash: C5D0123195D5309BD31017797C0C85B7A58DF293317108A33F025F22E0D3749C519AED
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000013), ref: 00403927
                                                                                                                                                                                    • ShowWindow.USER32(?), ref: 00403944
                                                                                                                                                                                    • DestroyWindow.USER32 ref: 00403958
                                                                                                                                                                                    • SetWindowLongA.USER32(?,00000000,00000000), ref: 00403974
                                                                                                                                                                                    • GetDlgItem.USER32(?,?), ref: 00403995
                                                                                                                                                                                    • SendMessageA.USER32(00000000,000000F3,00000000,00000000), ref: 004039A9
                                                                                                                                                                                    • IsWindowEnabled.USER32(00000000), ref: 004039B0
                                                                                                                                                                                    • GetDlgItem.USER32(?,00000001), ref: 00403A5E
                                                                                                                                                                                    • GetDlgItem.USER32(?,00000002), ref: 00403A68
                                                                                                                                                                                    • SetClassLongA.USER32(?,000000F2,?), ref: 00403A82
                                                                                                                                                                                    • SendMessageA.USER32(0000040F,00000000,00000001,?), ref: 00403AD3
                                                                                                                                                                                    • GetDlgItem.USER32(?,00000003), ref: 00403B79
                                                                                                                                                                                    • ShowWindow.USER32(00000000,?), ref: 00403B9A
                                                                                                                                                                                    • KiUserCallbackDispatcher.NTDLL(?,?), ref: 00403BAC
                                                                                                                                                                                    • KiUserCallbackDispatcher.NTDLL(?,?), ref: 00403BC7
                                                                                                                                                                                    • GetSystemMenu.USER32(?,00000000,0000F060,00000001), ref: 00403BDD
                                                                                                                                                                                    • EnableMenuItem.USER32(00000000), ref: 00403BE4
                                                                                                                                                                                    • SendMessageA.USER32(?,000000F4,00000000,00000001), ref: 00403BFC
                                                                                                                                                                                    • SendMessageA.USER32(?,00000401,00000002,00000000), ref: 00403C0F
                                                                                                                                                                                    • lstrlenA.KERNEL32(00429FE0,?,00429FE0,Advanced System Repair Pro 2002 Portable Optimization SCloudWS.exe), ref: 00403C38
                                                                                                                                                                                    • SetWindowTextA.USER32(?,00429FE0), ref: 00403C47
                                                                                                                                                                                    • ShowWindow.USER32(?,0000000A), ref: 00403D7B
                                                                                                                                                                                    Strings
                                                                                                                                                                                    • Advanced System Repair Pro 2002 Portable Optimization SCloudWS.exe, xrefs: 00403C29
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000002.00000002.2888058311.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_setup.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: Window$Item$MessageSend$Show$CallbackDispatcherLongMenuUser$ClassDestroyEnableEnabledSystemTextlstrlen
                                                                                                                                                                                    • String ID: Advanced System Repair Pro 2002 Portable Optimization SCloudWS.exe
                                                                                                                                                                                    • API String ID: 1252290697-2078378640
                                                                                                                                                                                    • Opcode ID: 0b6e4c35b8dcfffa61f252a23bc82b09b6935cd656e84c2cc0fc3574caf64574
                                                                                                                                                                                    • Instruction ID: 552f9e5d3371f53337095c5be2d86efa37a563823f2766eb5c4291c6ef6876bd
                                                                                                                                                                                    • Opcode Fuzzy Hash: 0b6e4c35b8dcfffa61f252a23bc82b09b6935cd656e84c2cc0fc3574caf64574
                                                                                                                                                                                    • Instruction Fuzzy Hash: B8C1B171604204AFD721AF62ED85E2B7F6CEB44706F40053EF941B51E1C779A942DB2E
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                    APIs
                                                                                                                                                                                      • Part of subcall function 00405D2E: GetModuleHandleA.KERNEL32(?,?,00000000,0040313D,00000008), ref: 00405D40
                                                                                                                                                                                      • Part of subcall function 00405D2E: LoadLibraryA.KERNEL32(?,?,00000000,0040313D,00000008), ref: 00405D4B
                                                                                                                                                                                      • Part of subcall function 00405D2E: GetProcAddress.KERNEL32(00000000,?), ref: 00405D5C
                                                                                                                                                                                    • lstrcatA.KERNEL32(1033,00429FE0,80000001,Control Panel\Desktop\ResourceLocale,00000000,00429FE0,00000000,00000006,"C:\Users\user\AppData\Local\Temp\is-9A6TD.tmp\setup.exe",00000000,C:\Users\user\AppData\Local\Temp\,00000000), ref: 004035C6
                                                                                                                                                                                    • lstrlenA.KERNEL32(Execute: ,?,?,?,Execute: ,00000000,00434400,1033,00429FE0,80000001,Control Panel\Desktop\ResourceLocale,00000000,00429FE0,00000000,00000006,"C:\Users\user\AppData\Local\Temp\is-9A6TD.tmp\setup.exe"), ref: 0040363B
                                                                                                                                                                                    • lstrcmpiA.KERNEL32(?,.exe), ref: 0040364E
                                                                                                                                                                                    • GetFileAttributesA.KERNEL32(Execute: ), ref: 00403659
                                                                                                                                                                                    • LoadImageA.USER32(00000067,00000001,00000000,00000000,00008040,00434400), ref: 004036A2
                                                                                                                                                                                      • Part of subcall function 0040596A: wsprintfA.USER32 ref: 00405977
                                                                                                                                                                                    • RegisterClassA.USER32 ref: 004036E9
                                                                                                                                                                                    • SystemParametersInfoA.USER32(00000030,00000000,_Nb,00000000), ref: 00403701
                                                                                                                                                                                    • CreateWindowExA.USER32(00000080,?,00000000,80000000,?,?,?,?,00000000,00000000,00000000), ref: 0040373A
                                                                                                                                                                                    • ShowWindow.USER32(00000005,00000000), ref: 00403770
                                                                                                                                                                                    • LoadLibraryA.KERNEL32(RichEd20), ref: 00403781
                                                                                                                                                                                    • LoadLibraryA.KERNEL32(RichEd32), ref: 0040378C
                                                                                                                                                                                    • GetClassInfoA.USER32(00000000,RichEdit20A,0042E300), ref: 0040379C
                                                                                                                                                                                    • GetClassInfoA.USER32(00000000,RichEdit,0042E300), ref: 004037A9
                                                                                                                                                                                    • RegisterClassA.USER32(0042E300), ref: 004037B2
                                                                                                                                                                                    • DialogBoxParamA.USER32(?,00000000,004038EB,00000000), ref: 004037D1
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000002.00000002.2888058311.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                    • Associated: 00000002.00000002.2887505679.0000000000400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                    • Associated: 00000002.00000002.2888631694.0000000000407000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                    • Associated: 00000002.00000002.2889230780.0000000000409000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                    • Associated: 00000002.00000002.2889230780.0000000000420000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                    • Associated: 00000002.00000002.2889230780.0000000000429000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                    • Associated: 00000002.00000002.2889230780.000000000042C000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                    • Associated: 00000002.00000002.2889230780.0000000000434000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                    • Associated: 00000002.00000002.2892219261.0000000000441000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_setup.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: ClassLoad$InfoLibrary$RegisterWindow$AddressAttributesCreateDialogFileHandleImageModuleParamParametersProcShowSystemlstrcatlstrcmpilstrlenwsprintf
                                                                                                                                                                                    • String ID: "C:\Users\user\AppData\Local\Temp\is-9A6TD.tmp\setup.exe"$.DEFAULT\Control Panel\International$.exe$1033$C:\Users\user\AppData\Local\Temp\$Control Panel\Desktop\ResourceLocale$Execute: $RichEd20$RichEd32$RichEdit$RichEdit20A$_Nb
                                                                                                                                                                                    • API String ID: 914957316-318099422
                                                                                                                                                                                    • Opcode ID: 3a2c45f0d62c5ae26582f53126e34280adb3cccee4e3bf9508370ae987846fa1
                                                                                                                                                                                    • Instruction ID: af9374935d7a54fd1dce6881c110e57d7cc589bc1fe1380e1b33b637fa7f222c
                                                                                                                                                                                    • Opcode Fuzzy Hash: 3a2c45f0d62c5ae26582f53126e34280adb3cccee4e3bf9508370ae987846fa1
                                                                                                                                                                                    • Instruction Fuzzy Hash: E161C571604204BAD220AF669D85F273EACE744759F40447FF941B22E1D779AD028B3E
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • CheckDlgButton.USER32(00000000,-0000040A,00000001), ref: 00403F91
                                                                                                                                                                                    • GetDlgItem.USER32(00000000,000003E8), ref: 00403FA5
                                                                                                                                                                                    • SendMessageA.USER32(00000000,0000045B,00000001,00000000), ref: 00403FC3
                                                                                                                                                                                    • GetSysColor.USER32(?), ref: 00403FD4
                                                                                                                                                                                    • SendMessageA.USER32(00000000,00000443,00000000,?), ref: 00403FE3
                                                                                                                                                                                    • SendMessageA.USER32(00000000,00000445,00000000,04010000), ref: 00403FF2
                                                                                                                                                                                    • lstrlenA.KERNEL32(?), ref: 00403FFC
                                                                                                                                                                                    • SendMessageA.USER32(00000000,00000435,00000000,00000000), ref: 0040400A
                                                                                                                                                                                    • SendMessageA.USER32(00000000,00000449,?,00000110), ref: 00404019
                                                                                                                                                                                    • GetDlgItem.USER32(?,0000040A), ref: 0040407C
                                                                                                                                                                                    • SendMessageA.USER32(00000000), ref: 0040407F
                                                                                                                                                                                    • GetDlgItem.USER32(?,000003E8), ref: 004040AA
                                                                                                                                                                                    • SendMessageA.USER32(00000000,0000044B,00000000,00000201), ref: 004040EA
                                                                                                                                                                                    • LoadCursorA.USER32(00000000,00007F02), ref: 004040F9
                                                                                                                                                                                    • SetCursor.USER32(00000000), ref: 00404102
                                                                                                                                                                                    • ShellExecuteA.SHELL32(0000070B,open,0042DB00,00000000,00000000,00000001), ref: 00404115
                                                                                                                                                                                    • LoadCursorA.USER32(00000000,00007F00), ref: 00404122
                                                                                                                                                                                    • SetCursor.USER32(00000000), ref: 00404125
                                                                                                                                                                                    • SendMessageA.USER32(00000111,00000001,00000000), ref: 00404151
                                                                                                                                                                                    • SendMessageA.USER32(00000010,00000000,00000000), ref: 00404165
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000002.00000002.2888058311.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_setup.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: MessageSend$Cursor$Item$Load$ButtonCheckColorExecuteShelllstrlen
                                                                                                                                                                                    • String ID: Execute: $N$open
                                                                                                                                                                                    • API String ID: 3615053054-4067340818
                                                                                                                                                                                    • Opcode ID: ca9ac3b64147b6f3934cc3f9d65700a8f1bf1296ace46b7c3bfa8303cb2a33ee
                                                                                                                                                                                    • Instruction ID: 0605a8af88f24b8a239437e517aaa265f180be2417519ff34b25117700073a86
                                                                                                                                                                                    • Opcode Fuzzy Hash: ca9ac3b64147b6f3934cc3f9d65700a8f1bf1296ace46b7c3bfa8303cb2a33ee
                                                                                                                                                                                    • Instruction Fuzzy Hash: D161C1B1A40209BBEB109F60DD45F6A3B69FF54715F108036FB01BA2D1C7B8A991CF98
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • GetTickCount.KERNEL32 ref: 00402C33
                                                                                                                                                                                    • GetModuleFileNameA.KERNEL32(00000000,C:\Users\user\AppData\Local\Temp\is-9A6TD.tmp\setup.exe,00000400), ref: 00402C4F
                                                                                                                                                                                      • Part of subcall function 004056E3: GetFileAttributesA.KERNEL32(00000003,00402C62,C:\Users\user\AppData\Local\Temp\is-9A6TD.tmp\setup.exe,80000000,00000003), ref: 004056E7
                                                                                                                                                                                      • Part of subcall function 004056E3: CreateFileA.KERNEL32(?,?,00000001,00000000,?,00000001,00000000), ref: 00405709
                                                                                                                                                                                    • GetFileSize.KERNEL32(00000000,00000000,00436000,00000000,C:\Users\user\AppData\Local\Temp\is-9A6TD.tmp,C:\Users\user\AppData\Local\Temp\is-9A6TD.tmp,C:\Users\user\AppData\Local\Temp\is-9A6TD.tmp\setup.exe,C:\Users\user\AppData\Local\Temp\is-9A6TD.tmp\setup.exe,80000000,00000003), ref: 00402C9B
                                                                                                                                                                                    Strings
                                                                                                                                                                                    • soft, xrefs: 00402D10
                                                                                                                                                                                    • C:\Users\user\AppData\Local\Temp\, xrefs: 00402C22
                                                                                                                                                                                    • D[, xrefs: 00402E48
                                                                                                                                                                                    • "C:\Users\user\AppData\Local\Temp\is-9A6TD.tmp\setup.exe", xrefs: 00402C2C
                                                                                                                                                                                    • C:\Users\user\AppData\Local\Temp\is-9A6TD.tmp\setup.exe, xrefs: 00402C39, 00402C48, 00402C5C, 00402C7C
                                                                                                                                                                                    • Null, xrefs: 00402D19
                                                                                                                                                                                    • Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author to obtain a new copy.More information at:http://nsis.sf.net/NSIS_Error, xrefs: 00402DFA
                                                                                                                                                                                    • C:\Users\user\AppData\Local\Temp\is-9A6TD.tmp, xrefs: 00402C7D, 00402C82, 00402C88
                                                                                                                                                                                    • Inst, xrefs: 00402D07
                                                                                                                                                                                    • Error launching installer, xrefs: 00402C72
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000002.00000002.2888058311.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_setup.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: File$AttributesCountCreateModuleNameSizeTick
                                                                                                                                                                                    • String ID: "C:\Users\user\AppData\Local\Temp\is-9A6TD.tmp\setup.exe"$C:\Users\user\AppData\Local\Temp\$C:\Users\user\AppData\Local\Temp\is-9A6TD.tmp$C:\Users\user\AppData\Local\Temp\is-9A6TD.tmp\setup.exe$D[$Error launching installer$Inst$Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author to obtain a new copy.More information at:http://nsis.sf.net/NSIS_Error$Null$soft
                                                                                                                                                                                    • API String ID: 4283519449-2656594124
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                    control_flow_graph 510 401734-401757 call 4029f6 call 40556c 515 401761-401773 call 405a0c call 4054ff lstrcatA 510->515 516 401759-40175f call 405a0c 510->516 521 401778-40177e call 405c6e 515->521 516->521 526 401783-401787 521->526 527 401789-401793 call 405d07 526->527 528 4017ba-4017bd 526->528 535 4017a5-4017b7 527->535 536 401795-4017a3 CompareFileTime 527->536 530 4017c5-4017e1 call 4056e3 528->530 531 4017bf-4017c0 call 4056c4 528->531 538 4017e3-4017e6 530->538 539 401859-401871 call 404daa call 402e5b 530->539 531->530 535->528 536->535 540 4017e8-40182a call 405a0c * 2 call 405a2e call 405a0c call 4052cd 538->540 541 40183b-401845 call 404daa 538->541 550 401876-401882 539->550 540->526 574 401830-401831 540->574 551 40184e-401854 541->551 553 401884-401888 550->553 554 40188a-401896 SetFileTime 550->554 555 402894 551->555 553->554 557 40189c-4018a7 CloseHandle 553->557 554->557 558 402896-40289a 555->558 560 40288b-40288e 557->560 561 4018ad-4018b0 557->561 560->555 563 4018b2-4018c3 call 405a2e lstrcatA 561->563 564 4018c5-4018c8 call 405a2e 561->564 568 4018cd-402213 call 4052cd 563->568 564->568 568->558 577 40265c-402663 568->577 574->551 576 401833-401834 574->576 576->541 577->560
                                                                                                                                                                                    APIs
                                                                                                                                                                                    • lstrcatA.KERNEL32(00000000,00000000,"C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_2.exe" /qn CAMPAIGN="2577",00434800,00000000,00000000,00000031), ref: 00401773
                                                                                                                                                                                    • CompareFileTime.KERNEL32(-00000014,?,"C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_2.exe" /qn CAMPAIGN="2577","C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_2.exe" /qn CAMPAIGN="2577",00000000,00000000,"C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_2.exe" /qn CAMPAIGN="2577",00434800,00000000,00000000,00000031), ref: 0040179D
                                                                                                                                                                                      • Part of subcall function 00405A0C: lstrcpynA.KERNEL32(?,?,00000400,00403168,Advanced System Repair Pro 2002 Portable Optimization SCloudWS.exe,NSIS Error), ref: 00405A19
                                                                                                                                                                                      • Part of subcall function 00404DAA: lstrlenA.KERNEL32(Execute: "C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_2.exe" /qn CAMPAIGN="2577",00000000,0041E588,74DF23A0,?,?,?,?,?,?,?,?,?,00402FB6,00000000,?), ref: 00404DE3
                                                                                                                                                                                      • Part of subcall function 00404DAA: lstrlenA.KERNEL32(00402FB6,Execute: "C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_2.exe" /qn CAMPAIGN="2577",00000000,0041E588,74DF23A0,?,?,?,?,?,?,?,?,?,00402FB6,00000000), ref: 00404DF3
                                                                                                                                                                                      • Part of subcall function 00404DAA: lstrcatA.KERNEL32(Execute: "C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_2.exe" /qn CAMPAIGN="2577",00402FB6,00402FB6,Execute: "C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_2.exe" /qn CAMPAIGN="2577",00000000,0041E588,74DF23A0), ref: 00404E06
                                                                                                                                                                                      • Part of subcall function 00404DAA: SetWindowTextA.USER32(Execute: "C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_2.exe" /qn CAMPAIGN="2577",Execute: "C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_2.exe" /qn CAMPAIGN="2577"), ref: 00404E18
                                                                                                                                                                                      • Part of subcall function 00404DAA: SendMessageA.USER32(?,00001004,00000000,00000000), ref: 00404E3E
                                                                                                                                                                                      • Part of subcall function 00404DAA: SendMessageA.USER32(?,00001007,00000000,00000001), ref: 00404E58
                                                                                                                                                                                      • Part of subcall function 00404DAA: SendMessageA.USER32(?,00001013,?,00000000), ref: 00404E66
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: MessageSend$lstrcatlstrlen$CompareFileTextTimeWindowlstrcpyn
                                                                                                                                                                                    • String ID: "C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_2.exe" /qn CAMPAIGN="2577"$C:\Users\user\AppData\Local\Temp\nsnE22.tmp$C:\Users\user\AppData\Local\Temp\nsnE22.tmp\inetc.dll
                                                                                                                                                                                    • API String ID: 1941528284-501993133
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                    control_flow_graph 578 404daa-404dbf 579 404e75-404e79 578->579 580 404dc5-404dd7 578->580 581 404de2-404dee lstrlenA 580->581 582 404dd9-404ddd call 405a2e 580->582 584 404df0-404e00 lstrlenA 581->584 585 404e0b-404e0f 581->585 582->581 584->579 586 404e02-404e06 lstrcatA 584->586 587 404e11-404e18 SetWindowTextA 585->587 588 404e1e-404e22 585->588 586->585 587->588 589 404e24-404e66 SendMessageA * 3 588->589 590 404e68-404e6a 588->590 589->590 590->579 591 404e6c-404e6f 590->591 591->579
                                                                                                                                                                                    APIs
                                                                                                                                                                                    • lstrlenA.KERNEL32(Execute: "C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_2.exe" /qn CAMPAIGN="2577",00000000,0041E588,74DF23A0,?,?,?,?,?,?,?,?,?,00402FB6,00000000,?), ref: 00404DE3
                                                                                                                                                                                    • lstrlenA.KERNEL32(00402FB6,Execute: "C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_2.exe" /qn CAMPAIGN="2577",00000000,0041E588,74DF23A0,?,?,?,?,?,?,?,?,?,00402FB6,00000000), ref: 00404DF3
                                                                                                                                                                                    • lstrcatA.KERNEL32(Execute: "C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_2.exe" /qn CAMPAIGN="2577",00402FB6,00402FB6,Execute: "C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_2.exe" /qn CAMPAIGN="2577",00000000,0041E588,74DF23A0), ref: 00404E06
                                                                                                                                                                                    • SetWindowTextA.USER32(Execute: "C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_2.exe" /qn CAMPAIGN="2577",Execute: "C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_2.exe" /qn CAMPAIGN="2577"), ref: 00404E18
                                                                                                                                                                                    • SendMessageA.USER32(?,00001004,00000000,00000000), ref: 00404E3E
                                                                                                                                                                                    • SendMessageA.USER32(?,00001007,00000000,00000001), ref: 00404E58
                                                                                                                                                                                    • SendMessageA.USER32(?,00001013,?,00000000), ref: 00404E66
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: MessageSend$lstrlen$TextWindowlstrcat
                                                                                                                                                                                    • String ID: Execute: "C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_2.exe" /qn CAMPAIGN="2577"
                                                                                                                                                                                    • API String ID: 2531174081-4162607886
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                    control_flow_graph 592 402e5b-402e6f 593 402e71 592->593 594 402e78-402e81 592->594 593->594 595 402e83 594->595 596 402e8a-402e8f 594->596 595->596 597 402e91-402e9a call 4030af 596->597 598 402e9f-402eac call 40307d 596->598 597->598 602 402eb2-402eb6 598->602 603 403028 598->603 605 403011-403013 602->605 606 402ebc-402f05 GetTickCount 602->606 604 40302a-40302b 603->604 607 403076-40307a 604->607 608 403015-403018 605->608 609 403068-40306c 605->609 610 403073 606->610 611 402f0b-402f13 606->611 614 40301a 608->614 615 40301d-403026 call 40307d 608->615 612 40302d-403033 609->612 613 40306e 609->613 610->607 616 402f15 611->616 617 402f18-402f26 call 40307d 611->617 619 403035 612->619 620 403038-403046 call 40307d 612->620 613->610 614->615 615->603 627 403070 615->627 616->617 617->603 625 402f2c-402f35 617->625 619->620 620->603 629 403048-40305b WriteFile 620->629 628 402f3b-402f5b call 405e08 625->628 627->610 635 402f61-402f74 GetTickCount 628->635 636 403009-40300b 628->636 631 40300d-40300f 629->631 632 40305d-403060 629->632 631->604 632->631 634 403062-403065 632->634 634->609 637 402f76-402f7e 635->637 638 402fb9-402fbd 635->638 636->604 639 402f80-402f84 637->639 640 402f86-402fb6 MulDiv wsprintfA call 404daa 637->640 641 402ffe-403001 638->641 642 402fbf-402fc2 638->642 639->638 639->640 640->638 641->611 643 403007 641->643 645 402fe4-402fef 642->645 646 402fc4-402fd8 WriteFile 642->646 643->610 648 402ff2-402ff6 645->648 646->631 647 402fda-402fdd 646->647 647->631 650 402fdf-402fe2 647->650 648->628 651 402ffc 648->651 650->648 651->610
                                                                                                                                                                                    APIs
                                                                                                                                                                                    • GetTickCount.KERNEL32 ref: 00402EC2
                                                                                                                                                                                    • GetTickCount.KERNEL32 ref: 00402F69
                                                                                                                                                                                    • MulDiv.KERNEL32(7FFFFFFF,00000064,00000020), ref: 00402F92
                                                                                                                                                                                    • wsprintfA.USER32 ref: 00402FA2
                                                                                                                                                                                    • WriteFile.KERNEL32(00000000,00000000,0041E588,7FFFFFFF,00000000), ref: 00402FD0
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: CountTick$FileWritewsprintf
                                                                                                                                                                                    • String ID: ... %d%%
                                                                                                                                                                                    • API String ID: 4209647438-2449383134
                                                                                                                                                                                    • Opcode ID: 1f10aff3c47cebe2a5e100a5dc7d43d5beac94b5f1c66d2473a247b31fd2901d
                                                                                                                                                                                    • Instruction ID: 0d39cdfb2b20f01ea0ef459ff81ac6f09524c508dd7874cbed1e127a204ff5ac
                                                                                                                                                                                    • Opcode Fuzzy Hash: 1f10aff3c47cebe2a5e100a5dc7d43d5beac94b5f1c66d2473a247b31fd2901d
                                                                                                                                                                                    • Instruction Fuzzy Hash: 3D618D7190121AEBDF10CF65DA44A9E7BB8EF04366F10413BF800B72D4D7789A51DBAA
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                    • Executed
                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                    control_flow_graph 652 401f51-401f5d 653 401f63-401f79 call 4029f6 * 2 652->653 654 402019-40201b 652->654 664 401f88-401f96 LoadLibraryExA 653->664 665 401f7b-401f86 GetModuleHandleA 653->665 656 402164-402169 call 401423 654->656 661 40288b-40289a 656->661 667 401f98-401fa6 GetProcAddress 664->667 668 402012-402014 664->668 665->664 665->667 669 401fe5-401fea call 404daa 667->669 670 401fa8-401fae 667->670 668->656 674 401fef-401ff2 669->674 672 401fb0-401fbc call 401423 670->672 673 401fc7-401fdb 670->673 672->674 683 401fbe-401fc5 672->683 676 401fe0-401fe3 673->676 674->661 677 401ff8-402000 call 4034f5 674->677 676->674 677->661 682 402006-40200d FreeLibrary 677->682 682->661 683->674
                                                                                                                                                                                    APIs
                                                                                                                                                                                    • GetModuleHandleA.KERNEL32(00000000,00000001,000000F0), ref: 00401F7C
                                                                                                                                                                                      • Part of subcall function 00404DAA: lstrlenA.KERNEL32(Execute: "C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_2.exe" /qn CAMPAIGN="2577",00000000,0041E588,74DF23A0,?,?,?,?,?,?,?,?,?,00402FB6,00000000,?), ref: 00404DE3
                                                                                                                                                                                      • Part of subcall function 00404DAA: lstrlenA.KERNEL32(00402FB6,Execute: "C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_2.exe" /qn CAMPAIGN="2577",00000000,0041E588,74DF23A0,?,?,?,?,?,?,?,?,?,00402FB6,00000000), ref: 00404DF3
                                                                                                                                                                                      • Part of subcall function 00404DAA: lstrcatA.KERNEL32(Execute: "C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_2.exe" /qn CAMPAIGN="2577",00402FB6,00402FB6,Execute: "C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_2.exe" /qn CAMPAIGN="2577",00000000,0041E588,74DF23A0), ref: 00404E06
                                                                                                                                                                                      • Part of subcall function 00404DAA: SetWindowTextA.USER32(Execute: "C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_2.exe" /qn CAMPAIGN="2577",Execute: "C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_2.exe" /qn CAMPAIGN="2577"), ref: 00404E18
                                                                                                                                                                                      • Part of subcall function 00404DAA: SendMessageA.USER32(?,00001004,00000000,00000000), ref: 00404E3E
                                                                                                                                                                                      • Part of subcall function 00404DAA: SendMessageA.USER32(?,00001007,00000000,00000001), ref: 00404E58
                                                                                                                                                                                      • Part of subcall function 00404DAA: SendMessageA.USER32(?,00001013,?,00000000), ref: 00404E66
                                                                                                                                                                                    • LoadLibraryExA.KERNEL32(00000000,?,00000008,00000001,000000F0), ref: 00401F8C
                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,?), ref: 00401F9C
                                                                                                                                                                                    • FreeLibrary.KERNEL32(00000000,00000000,000000F7,?,?,00000008,00000001,000000F0), ref: 00402007
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000002.00000002.2888058311.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_setup.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: MessageSend$Librarylstrlen$AddressFreeHandleLoadModuleProcTextWindowlstrcat
                                                                                                                                                                                    • String ID: B
                                                                                                                                                                                    • API String ID: 2987980305-3806887055
                                                                                                                                                                                    • Opcode ID: fcdaad9b5f410b944ec1e2f862cfb012e283d986c277704fa4351eb896a07fcc
                                                                                                                                                                                    • Instruction ID: bf94c0598684f4a2e8798aed6ecd64900ad0f6fcd097f114c8a1beddd358b100
                                                                                                                                                                                    • Opcode Fuzzy Hash: fcdaad9b5f410b944ec1e2f862cfb012e283d986c277704fa4351eb896a07fcc
                                                                                                                                                                                    • Instruction Fuzzy Hash: 5121EE72D04216EBCF107FA5CE49A6E75B06F45358F20433BF511B62E1C77C4941A65E
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                    • Executed
                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                    control_flow_graph 684 405712-40571c 685 40571d-405747 GetTickCount GetTempFileNameA 684->685 686 405756-405758 685->686 687 405749-40574b 685->687 689 405750-405753 686->689 687->685 688 40574d 687->688 688->689
                                                                                                                                                                                    APIs
                                                                                                                                                                                    • GetTickCount.KERNEL32 ref: 00405725
                                                                                                                                                                                    • GetTempFileNameA.KERNEL32(?,0061736E,00000000,?), ref: 0040573F
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000002.00000002.2888058311.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_setup.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: CountFileNameTempTick
                                                                                                                                                                                    • String ID: "C:\Users\user\AppData\Local\Temp\is-9A6TD.tmp\setup.exe"$C:\Users\user\AppData\Local\Temp\$nsa
                                                                                                                                                                                    • API String ID: 1716503409-2234852798
                                                                                                                                                                                    • Opcode ID: fc5e126f8815d4696b9f295c06fae67d9d4e63728d0dbdda5093f58b42bfadad
                                                                                                                                                                                    • Instruction ID: 857343acb9398127b83b67a88284cb3acf20d602f6beb627bdaaa73bf87bc8f8
                                                                                                                                                                                    • Opcode Fuzzy Hash: fc5e126f8815d4696b9f295c06fae67d9d4e63728d0dbdda5093f58b42bfadad
                                                                                                                                                                                    • Instruction Fuzzy Hash: 19F0A736348204BAE7105E55DC04B9B7F99DFD1750F14C027F9449B1C0D6F099589BA9
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                    • Executed
                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                    control_flow_graph 690 401bad-401bc5 call 4029d9 * 2 695 401bd1-401bd5 690->695 696 401bc7-401bce call 4029f6 690->696 698 401be1-401be7 695->698 699 401bd7-401bde call 4029f6 695->699 696->695 700 401be9-401bfd call 4029d9 * 2 698->700 701 401c2d-401c53 call 4029f6 * 2 FindWindowExA 698->701 699->698 713 401c1d-401c2b SendMessageA 700->713 714 401bff-401c1b SendMessageTimeoutA 700->714 715 401c59 701->715 713->715 716 401c5c-401c5f 714->716 715->716 717 401c65 716->717 718 40288b-40289a 716->718 717->718
                                                                                                                                                                                    APIs
                                                                                                                                                                                    • SendMessageTimeoutA.USER32(00000000,00000000,?,?,?,00000002,?), ref: 00401C0D
                                                                                                                                                                                    • SendMessageA.USER32(00000000,00000000,?,?), ref: 00401C25
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000002.00000002.2888058311.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_setup.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: MessageSend$Timeout
                                                                                                                                                                                    • String ID: !
                                                                                                                                                                                    • API String ID: 1777923405-2657877971
                                                                                                                                                                                    • Opcode ID: 5e77a80833e19dc55b8a20fadec5ab0659a97bc6c71de6bcb2193ca436d8299f
                                                                                                                                                                                    • Instruction ID: e870f9960eb541ab862ab70d99fa676f0883abea00e9f1964bf1c40a5587cb5b
                                                                                                                                                                                    • Opcode Fuzzy Hash: 5e77a80833e19dc55b8a20fadec5ab0659a97bc6c71de6bcb2193ca436d8299f
                                                                                                                                                                                    • Instruction Fuzzy Hash: 3B21C4B1A44209BFEF01AFB4CE4AAAE7B75EF40344F14053EF602B60D1D6B84980E718
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                    • Executed
                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                    control_flow_graph 721 40526c-405299 GetFileAttributesW 722 4052a7-4052a8 721->722 723 40529b-4052a4 CloseHandle 721->723 723->722
                                                                                                                                                                                    APIs
                                                                                                                                                                                    • GetFileAttributesW.KERNEL32(00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,0042BFE8,Error launching installer), ref: 00405291
                                                                                                                                                                                    • CloseHandle.KERNEL32(?), ref: 0040529E
                                                                                                                                                                                    Strings
                                                                                                                                                                                    • C:\Users\user\AppData\Local\Temp\, xrefs: 0040526C
                                                                                                                                                                                    • Error launching installer, xrefs: 0040527F
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000002.00000002.2888058311.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                    • Associated: 00000002.00000002.2887505679.0000000000400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                    • Associated: 00000002.00000002.2888631694.0000000000407000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                    • Associated: 00000002.00000002.2889230780.0000000000409000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                    • Associated: 00000002.00000002.2889230780.0000000000420000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                    • Associated: 00000002.00000002.2889230780.0000000000429000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                    • Associated: 00000002.00000002.2889230780.000000000042C000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                    • Associated: 00000002.00000002.2889230780.0000000000434000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                    • Associated: 00000002.00000002.2892219261.0000000000441000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_setup.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: AttributesCloseFileHandle
                                                                                                                                                                                    • String ID: C:\Users\user\AppData\Local\Temp\$Error launching installer
                                                                                                                                                                                    • API String ID: 266939499-1785902839
                                                                                                                                                                                    • Opcode ID: dc33ac1254d82063a7b9e43172f0f507123e59eb9c5a5fd92b1179a08dc1bdb0
                                                                                                                                                                                    • Instruction ID: 9c205d3d1494e9e4afb0e3639077779a104ecf70f113e6d393e41fe649cd8d97
                                                                                                                                                                                    • Opcode Fuzzy Hash: dc33ac1254d82063a7b9e43172f0f507123e59eb9c5a5fd92b1179a08dc1bdb0
                                                                                                                                                                                    • Instruction Fuzzy Hash: FBE0ECB4A04209ABEB00EF64ED09D7B7BBCEB00304B408522A911E2290D778E410CEB9
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                    control_flow_graph 724 4015b3-4015c6 call 4029f6 call 405593 729 4015c8-4015e3 call 40552a CreateDirectoryA 724->729 730 40160a-40160d 724->730 737 401600-401608 729->737 738 4015e5-4015f0 GetLastError 729->738 732 40162d-402169 call 401423 730->732 733 40160f-401628 call 401423 call 405a0c SetCurrentDirectoryA 730->733 745 40288b-40289a 732->745 733->745 737->729 737->730 743 4015f2-4015fb GetFileAttributesA 738->743 744 4015fd 738->744 743->737 743->744 744->737
                                                                                                                                                                                    APIs
                                                                                                                                                                                      • Part of subcall function 00405593: CharNextA.USER32(ES@,?,0042B3E8,00000000,004055F7,0042B3E8,0042B3E8,?,?,00000000,00405345,?,"C:\Users\user\AppData\Local\Temp\is-9A6TD.tmp\setup.exe",00000000), ref: 004055A1
                                                                                                                                                                                      • Part of subcall function 00405593: CharNextA.USER32(00000000), ref: 004055A6
                                                                                                                                                                                      • Part of subcall function 00405593: CharNextA.USER32(00000000), ref: 004055B5
                                                                                                                                                                                    • CreateDirectoryA.KERNEL32(00000000,?,00000000,0000005C,00000000,000000F0), ref: 004015DB
                                                                                                                                                                                    • GetLastError.KERNEL32(?,00000000,0000005C,00000000,000000F0), ref: 004015E5
                                                                                                                                                                                    • GetFileAttributesA.KERNEL32(00000000,?,00000000,0000005C,00000000,000000F0), ref: 004015F3
                                                                                                                                                                                    • SetCurrentDirectoryA.KERNEL32(00000000,00434800,00000000,00000000,000000F0), ref: 00401622
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000002.00000002.2888058311.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                    • Associated: 00000002.00000002.2887505679.0000000000400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                    • Associated: 00000002.00000002.2888631694.0000000000407000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                    • Associated: 00000002.00000002.2889230780.0000000000409000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                    • Associated: 00000002.00000002.2889230780.0000000000420000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                    • Associated: 00000002.00000002.2889230780.0000000000429000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                    • Associated: 00000002.00000002.2889230780.000000000042C000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                    • Associated: 00000002.00000002.2889230780.0000000000434000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                    • Associated: 00000002.00000002.2892219261.0000000000441000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_setup.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: CharNext$Directory$AttributesCreateCurrentErrorFileLast
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID: 3751793516-0
                                                                                                                                                                                    • Opcode ID: e9d59eda693b922a5fdb80184fc3babb31ba0cd8e1a3062a527ae998bf2baf8a
                                                                                                                                                                                    • Instruction ID: bf1eb0eabc3c1df6ff2fb323ed3efcd7168262dea338722757ad05095e7f5395
                                                                                                                                                                                    • Opcode Fuzzy Hash: e9d59eda693b922a5fdb80184fc3babb31ba0cd8e1a3062a527ae998bf2baf8a
                                                                                                                                                                                    • Instruction Fuzzy Hash: AB012631908180AFDB217F756D449BF6BB0EA56365728073FF492B22E2C23C4D42962E
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                      • Part of subcall function 00405C6E: CharNextA.USER32(?,*?|<>/":,00000000,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\AppData\Local\Temp\is-9A6TD.tmp\setup.exe",C:\Users\user\AppData\Local\Temp\,00000000,004030D2,C:\Users\user\AppData\Local\Temp\,00000000,00403244), ref: 00405CC6
                                                                                                                                                                                      • Part of subcall function 00405C6E: CharNextA.USER32(?,?,?,00000000), ref: 00405CD3
                                                                                                                                                                                      • Part of subcall function 00405C6E: CharNextA.USER32(?,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\AppData\Local\Temp\is-9A6TD.tmp\setup.exe",C:\Users\user\AppData\Local\Temp\,00000000,004030D2,C:\Users\user\AppData\Local\Temp\,00000000,00403244), ref: 00405CD8
                                                                                                                                                                                      • Part of subcall function 00405C6E: CharPrevA.USER32(?,?,"C:\Users\user\AppData\Local\Temp\is-9A6TD.tmp\setup.exe",C:\Users\user\AppData\Local\Temp\,00000000,004030D2,C:\Users\user\AppData\Local\Temp\,00000000,00403244), ref: 00405CE8
                                                                                                                                                                                    • CreateDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\,00000000,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,00403244), ref: 004030E7
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000002.00000002.2888058311.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                    • Associated: 00000002.00000002.2887505679.0000000000400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                    • Associated: 00000002.00000002.2888631694.0000000000407000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                    • Associated: 00000002.00000002.2889230780.0000000000409000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                    • Associated: 00000002.00000002.2889230780.0000000000420000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                    • Associated: 00000002.00000002.2889230780.0000000000429000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                    • Associated: 00000002.00000002.2889230780.000000000042C000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                    • Associated: 00000002.00000002.2889230780.0000000000434000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                    • Associated: 00000002.00000002.2892219261.0000000000441000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_setup.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: Char$Next$CreateDirectoryPrev
                                                                                                                                                                                    • String ID: 1033$C:\Users\user\AppData\Local\Temp\
                                                                                                                                                                                    • API String ID: 4115351271-517883005
                                                                                                                                                                                    • Opcode ID: 9fc94c8ce289ceace51d82d7694160c71b26e7ee5232ad3accb455f1d4d4e313
                                                                                                                                                                                    • Instruction ID: 7f1b43601f0a10077d0081c2ba5ec5825ac71a1bded9547d22d949ebda8a6a9f
                                                                                                                                                                                    • Opcode Fuzzy Hash: 9fc94c8ce289ceace51d82d7694160c71b26e7ee5232ad3accb455f1d4d4e313
                                                                                                                                                                                    • Instruction Fuzzy Hash: B6D0922150AD3031D651322A3E06BCF154D8F4636AF65807BF944B608A4A6C2A825AEE
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                      • Part of subcall function 00404DAA: lstrlenA.KERNEL32(Execute: "C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_2.exe" /qn CAMPAIGN="2577",00000000,0041E588,74DF23A0,?,?,?,?,?,?,?,?,?,00402FB6,00000000,?), ref: 00404DE3
                                                                                                                                                                                      • Part of subcall function 00404DAA: lstrlenA.KERNEL32(00402FB6,Execute: "C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_2.exe" /qn CAMPAIGN="2577",00000000,0041E588,74DF23A0,?,?,?,?,?,?,?,?,?,00402FB6,00000000), ref: 00404DF3
                                                                                                                                                                                      • Part of subcall function 00404DAA: lstrcatA.KERNEL32(Execute: "C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_2.exe" /qn CAMPAIGN="2577",00402FB6,00402FB6,Execute: "C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_2.exe" /qn CAMPAIGN="2577",00000000,0041E588,74DF23A0), ref: 00404E06
                                                                                                                                                                                      • Part of subcall function 00404DAA: SetWindowTextA.USER32(Execute: "C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_2.exe" /qn CAMPAIGN="2577",Execute: "C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_2.exe" /qn CAMPAIGN="2577"), ref: 00404E18
                                                                                                                                                                                      • Part of subcall function 00404DAA: SendMessageA.USER32(?,00001004,00000000,00000000), ref: 00404E3E
                                                                                                                                                                                      • Part of subcall function 00404DAA: SendMessageA.USER32(?,00001007,00000000,00000001), ref: 00404E58
                                                                                                                                                                                      • Part of subcall function 00404DAA: SendMessageA.USER32(?,00001013,?,00000000), ref: 00404E66
                                                                                                                                                                                      • Part of subcall function 0040526C: GetFileAttributesW.KERNEL32(00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,0042BFE8,Error launching installer), ref: 00405291
                                                                                                                                                                                      • Part of subcall function 0040526C: CloseHandle.KERNEL32(?), ref: 0040529E
                                                                                                                                                                                    • WaitForSingleObject.KERNEL32(?,00000064,00000000,000000EB,00000000), ref: 00401E55
                                                                                                                                                                                    • GetExitCodeProcess.KERNEL32(?,?), ref: 00401E65
                                                                                                                                                                                    • CloseHandle.KERNEL32(?,00000000,000000EB,00000000), ref: 00401E8A
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000002.00000002.2888058311.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                    • Associated: 00000002.00000002.2887505679.0000000000400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                    • Associated: 00000002.00000002.2888631694.0000000000407000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                    • Associated: 00000002.00000002.2889230780.0000000000409000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                    • Associated: 00000002.00000002.2889230780.0000000000420000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                    • Associated: 00000002.00000002.2889230780.0000000000429000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                    • Associated: 00000002.00000002.2889230780.000000000042C000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                    • Associated: 00000002.00000002.2889230780.0000000000434000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                    • Associated: 00000002.00000002.2892219261.0000000000441000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_setup.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: MessageSend$CloseHandlelstrlen$AttributesCodeExitFileObjectProcessSingleTextWaitWindowlstrcat
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID: 2790827543-0
                                                                                                                                                                                    • Opcode ID: 4b53c6c7469f8e071ddfdf7e6759fb46581fd0ecbacd408de75aedda49c8cc2d
                                                                                                                                                                                    • Instruction ID: b33c81b7bc3b485aca967e7674fca75add98f6be2a8732829935c4442cdc9329
                                                                                                                                                                                    • Opcode Fuzzy Hash: 4b53c6c7469f8e071ddfdf7e6759fb46581fd0ecbacd408de75aedda49c8cc2d
                                                                                                                                                                                    • Instruction Fuzzy Hash: 99018071904214EBDF11AFA1CD859AE7A75EF00348F24403BF906B61E1C3794A82DB9A
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                      • Part of subcall function 00402B00: RegOpenKeyExA.KERNEL32(00000000,?,00000000,00000022,00000000,?,?), ref: 00402B28
                                                                                                                                                                                    • RegEnumKeyA.ADVAPI32(00000000,00000000,?,000003FF), ref: 00402455
                                                                                                                                                                                    • RegEnumValueA.ADVAPI32(00000000,00000000,?,?,?,?,?,?,00000003), ref: 00402468
                                                                                                                                                                                    • RegCloseKey.ADVAPI32(?,?,?,C:\Users\user\AppData\Local\Temp\nsnE22.tmp,00000000,?,?,?,00000000,?,?,?,00000011,00000002), ref: 0040247D
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000002.00000002.2888058311.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_setup.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: Enum$CloseOpenValue
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID: 167947723-0
                                                                                                                                                                                    • Opcode ID: 66024286d137bb69d35dc7fd71a65b82676194e9ec02c4dd60db8724081c0399
                                                                                                                                                                                    • Instruction ID: ba27a5b4615b94bf9550a78118f2e7023eed3f1787cd0549807e620a17edd571
                                                                                                                                                                                    • Opcode Fuzzy Hash: 66024286d137bb69d35dc7fd71a65b82676194e9ec02c4dd60db8724081c0399
                                                                                                                                                                                    • Instruction Fuzzy Hash: 26F0D671A04201EFE715AF659D88EBF7A6CDF40388F10443FF406B61C0D2B85D42967A
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • ReadFile.KERNEL32(?,?,00000001,?,?,?,00000002), ref: 00402552
                                                                                                                                                                                      • Part of subcall function 0040596A: wsprintfA.USER32 ref: 00405977
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000002.00000002.2888058311.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_setup.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: FileReadwsprintf
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID: 3326442220-0
                                                                                                                                                                                    • Opcode ID: 2c7191adeafb7d7382798bce2ac0963ce55d8e8026d0a5c1790b4b53cd6a8cd4
                                                                                                                                                                                    • Instruction ID: 02b82add068a20f554fa3340ec929415b861c3440f6284982e621cfe540b9a84
                                                                                                                                                                                    • Opcode Fuzzy Hash: 2c7191adeafb7d7382798bce2ac0963ce55d8e8026d0a5c1790b4b53cd6a8cd4
                                                                                                                                                                                    • Instruction Fuzzy Hash: DE21F870D05299FFDF219FA48E596EEBBB49B01304F14417BE881B63D2D1B88A81C72D
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • MulDiv.KERNEL32(00007530,00000000,00000000), ref: 004013E4
                                                                                                                                                                                    • SendMessageA.USER32(?,00000402,00000000), ref: 004013F4
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000002.00000002.2888058311.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_setup.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: MessageSend
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID: 3850602802-0
                                                                                                                                                                                    • Opcode ID: cf7b3020d7635a73a7f034f7f9c2b240c5e2222d46fcf66a2415134205071e91
                                                                                                                                                                                    • Instruction ID: 8223ec958efd2c964e321ebce6dca8e406ed2778dd364e0d2667d4e2a9ef0db3
                                                                                                                                                                                    • Opcode Fuzzy Hash: cf7b3020d7635a73a7f034f7f9c2b240c5e2222d46fcf66a2415134205071e91
                                                                                                                                                                                    • Instruction Fuzzy Hash: FE01F4317242109BE7299B799D04B6A36D8E710325F14453FF955F72F1D678DC028B4D
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • GetFileAttributesA.KERNEL32(00000003,00402C62,C:\Users\user\AppData\Local\Temp\is-9A6TD.tmp\setup.exe,80000000,00000003), ref: 004056E7
                                                                                                                                                                                    • CreateFileA.KERNEL32(?,?,00000001,00000000,?,00000001,00000000), ref: 00405709
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000002.00000002.2888058311.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_setup.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: File$AttributesCreate
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID: 415043291-0
                                                                                                                                                                                    • Opcode ID: f96d5d8e90d761c4e0dddf78ec48930a46771e4615b27f2c581d09f506512028
                                                                                                                                                                                    • Instruction ID: 518821d5ca0a74227a37217cadb520a33af9faec79942caa6648154b48e23ab6
                                                                                                                                                                                    • Opcode Fuzzy Hash: f96d5d8e90d761c4e0dddf78ec48930a46771e4615b27f2c581d09f506512028
                                                                                                                                                                                    • Instruction Fuzzy Hash: DDD09E71658301AFEF098F20DE1AF2E7AA2EB84B01F10962CB646940E0D6715C15DB16
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • ReadFile.KERNEL32(00000000,00000000,00000000,00000000,000000FF,?,00402EAA,000000FF,00000004,00000000,00000000,00000000), ref: 00403094
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000002.00000002.2888058311.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_setup.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: FileRead
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID: 2738559852-0
                                                                                                                                                                                    • Opcode ID: 728267699a9b44ddad9e6e694247195ab13049bac6004c2e56fc09e99b3f0f19
                                                                                                                                                                                    • Instruction ID: 43e3c0ed55451ca58d66c179b0d5cd373ba627774d09ad719adf1b780fd88a5d
                                                                                                                                                                                    • Opcode Fuzzy Hash: 728267699a9b44ddad9e6e694247195ab13049bac6004c2e56fc09e99b3f0f19
                                                                                                                                                                                    • Instruction Fuzzy Hash: F0E08631101119BBCF105E61AC00A9B3F9CEB05362F00C032FA04E5190D538DA14DBA5
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • RegOpenKeyExA.KERNEL32(00000000,?,00000000,00000022,00000000,?,?), ref: 00402B28
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000002.00000002.2888058311.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                    • Associated: 00000002.00000002.2887505679.0000000000400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                    • Associated: 00000002.00000002.2888631694.0000000000407000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                    • Associated: 00000002.00000002.2889230780.0000000000409000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                    • Associated: 00000002.00000002.2889230780.0000000000420000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                    • Associated: 00000002.00000002.2889230780.0000000000429000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                    • Associated: 00000002.00000002.2889230780.000000000042C000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                    • Associated: 00000002.00000002.2889230780.0000000000434000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                    • Associated: 00000002.00000002.2892219261.0000000000441000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_setup.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: Open
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID: 71445658-0
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • SetDlgItemTextA.USER32(?,?,00000000), ref: 00403DD8
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000002.00000002.2888058311.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_setup.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: ItemText
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID: 3367045223-0
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • SendMessageA.USER32(000204FA,00000000,00000000,00000000), ref: 00403E1C
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000002.00000002.2888058311.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_setup.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: MessageSend
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID: 3850602802-0
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • SendMessageA.USER32(00000028,?,00000001,00403C24), ref: 00403E01
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000002.00000002.2888058311.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_setup.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: MessageSend
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID: 3850602802-0
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • SetFilePointer.KERNEL32(00000000,00000000,00000000,00402DE9,0000B9E4), ref: 004030BD
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000002.00000002.2888058311.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_setup.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: FilePointer
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID: 973152223-0
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • KiUserCallbackDispatcher.NTDLL(?,00403BBD), ref: 00403DEA
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000002.00000002.2888058311.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_setup.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: CallbackDispatcherUser
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID: 2492992576-0
                                                                                                                                                                                    • Opcode ID: e3f2ba33d58efc8432ae633466a552196efcc3252a2fe2007ece747084bac9c6
                                                                                                                                                                                    • Instruction ID: 5393fb3fd4ec66336373a3cea7bd514d8462fd9d014250aae94180e38f4c2131
                                                                                                                                                                                    • Opcode Fuzzy Hash: e3f2ba33d58efc8432ae633466a552196efcc3252a2fe2007ece747084bac9c6
                                                                                                                                                                                    • Instruction Fuzzy Hash: AFA002755051009BCA515B50DF048457A61A754701B458475F1459017487315861EB6A
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • GetDlgItem.USER32(?,000003F9), ref: 00404710
                                                                                                                                                                                    • GetDlgItem.USER32(?,00000408), ref: 0040471D
                                                                                                                                                                                    • GlobalAlloc.KERNEL32(00000040,00000001), ref: 00404769
                                                                                                                                                                                    • LoadBitmapA.USER32(0000006E), ref: 0040477C
                                                                                                                                                                                    • SetWindowLongA.USER32(?,000000FC,00404CFA), ref: 00404796
                                                                                                                                                                                    • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000006,00000000), ref: 004047AA
                                                                                                                                                                                    • ImageList_AddMasked.COMCTL32(00000000,?,00FF00FF), ref: 004047BE
                                                                                                                                                                                    • SendMessageA.USER32(?,00001109,00000002), ref: 004047D3
                                                                                                                                                                                    • SendMessageA.USER32(?,0000111C,00000000,00000000), ref: 004047DF
                                                                                                                                                                                    • SendMessageA.USER32(?,0000111B,00000010,00000000), ref: 004047F1
                                                                                                                                                                                    • DeleteObject.GDI32(?), ref: 004047F6
                                                                                                                                                                                    • SendMessageA.USER32(?,00000143,00000000,00000000), ref: 00404821
                                                                                                                                                                                    • SendMessageA.USER32(?,00000151,00000000,00000000), ref: 0040482D
                                                                                                                                                                                    • SendMessageA.USER32(?,00001100,00000000,?), ref: 004048C2
                                                                                                                                                                                    • SendMessageA.USER32(?,0000110A,00000003,00000000), ref: 004048ED
                                                                                                                                                                                    • SendMessageA.USER32(?,00001100,00000000,?), ref: 00404901
                                                                                                                                                                                    • GetWindowLongA.USER32(?,000000F0), ref: 00404930
                                                                                                                                                                                    • SetWindowLongA.USER32(?,000000F0,00000000), ref: 0040493E
                                                                                                                                                                                    • ShowWindow.USER32(?,00000005), ref: 0040494F
                                                                                                                                                                                    • SendMessageA.USER32(?,00000419,00000000,?), ref: 00404A52
                                                                                                                                                                                    • SendMessageA.USER32(?,00000147,00000000,00000000), ref: 00404AB7
                                                                                                                                                                                    • SendMessageA.USER32(?,00000150,00000000,00000000), ref: 00404ACC
                                                                                                                                                                                    • SendMessageA.USER32(?,00000420,00000000,00000020), ref: 00404AF0
                                                                                                                                                                                    • SendMessageA.USER32(?,00000200,00000000,00000000), ref: 00404B16
                                                                                                                                                                                    • ImageList_Destroy.COMCTL32(00000000), ref: 00404B2B
                                                                                                                                                                                    • GlobalFree.KERNEL32(00000000), ref: 00404B3B
                                                                                                                                                                                    • SendMessageA.USER32(?,0000014E,00000000,00000000), ref: 00404BAB
                                                                                                                                                                                    • SendMessageA.USER32(?,00001102,00000410,?), ref: 00404C54
                                                                                                                                                                                    • SendMessageA.USER32(?,0000110D,00000000,00000008), ref: 00404C63
                                                                                                                                                                                    • InvalidateRect.USER32(?,00000000,00000001), ref: 00404C83
                                                                                                                                                                                    • ShowWindow.USER32(?,00000000), ref: 00404CD1
                                                                                                                                                                                    • GetDlgItem.USER32(?,000003FE), ref: 00404CDC
                                                                                                                                                                                    • ShowWindow.USER32(00000000), ref: 00404CE3
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000002.00000002.2888058311.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_setup.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: MessageSend$Window$ImageItemList_LongShow$Global$AllocBitmapCreateDeleteDestroyFreeInvalidateLoadMaskedObjectRect
                                                                                                                                                                                    • String ID: $M$N
                                                                                                                                                                                    • API String ID: 1638840714-813528018
                                                                                                                                                                                    • Opcode ID: 9006264d80cea567de8ea85ae76f5f4e6db86d56f38ece968a838e3dcd762fad
                                                                                                                                                                                    • Instruction ID: 30a51c26aaa2b30bd696497e7e47c5adc9155ce2862f65cc436e234c57937e2f
                                                                                                                                                                                    • Opcode Fuzzy Hash: 9006264d80cea567de8ea85ae76f5f4e6db86d56f38ece968a838e3dcd762fad
                                                                                                                                                                                    • Instruction Fuzzy Hash: D402AFB0A00208AFDB20DF55DD45AAE7BB5FB84314F10817AF611BA2E1D7799E42CF58
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • GetDlgItem.USER32(?,000003FB), ref: 00404248
                                                                                                                                                                                    • SetWindowTextA.USER32(?,?), ref: 00404275
                                                                                                                                                                                    • SHBrowseForFolderA.SHELL32(?,004293B0,?), ref: 0040432A
                                                                                                                                                                                    • CoTaskMemFree.OLE32(00000000), ref: 00404335
                                                                                                                                                                                    • lstrcmpiA.KERNEL32(Execute: ,00429FE0), ref: 00404367
                                                                                                                                                                                    • lstrcatA.KERNEL32(?,Execute: ), ref: 00404373
                                                                                                                                                                                    • SetDlgItemTextA.USER32(?,000003FB,?), ref: 00404383
                                                                                                                                                                                      • Part of subcall function 004052B1: GetDlgItemTextA.USER32(?,?,00000400,004043B6), ref: 004052C4
                                                                                                                                                                                      • Part of subcall function 00405C6E: CharNextA.USER32(?,*?|<>/":,00000000,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\AppData\Local\Temp\is-9A6TD.tmp\setup.exe",C:\Users\user\AppData\Local\Temp\,00000000,004030D2,C:\Users\user\AppData\Local\Temp\,00000000,00403244), ref: 00405CC6
                                                                                                                                                                                      • Part of subcall function 00405C6E: CharNextA.USER32(?,?,?,00000000), ref: 00405CD3
                                                                                                                                                                                      • Part of subcall function 00405C6E: CharNextA.USER32(?,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\AppData\Local\Temp\is-9A6TD.tmp\setup.exe",C:\Users\user\AppData\Local\Temp\,00000000,004030D2,C:\Users\user\AppData\Local\Temp\,00000000,00403244), ref: 00405CD8
                                                                                                                                                                                      • Part of subcall function 00405C6E: CharPrevA.USER32(?,?,"C:\Users\user\AppData\Local\Temp\is-9A6TD.tmp\setup.exe",C:\Users\user\AppData\Local\Temp\,00000000,004030D2,C:\Users\user\AppData\Local\Temp\,00000000,00403244), ref: 00405CE8
                                                                                                                                                                                    • GetDiskFreeSpaceA.KERNEL32(00428FA8,?,?,0000040F,?,00428FA8,00428FA8,?,00000000,00428FA8,?,?,000003FB,?), ref: 0040443C
                                                                                                                                                                                    • MulDiv.KERNEL32(?,0000040F,00000400), ref: 00404457
                                                                                                                                                                                    • SetDlgItemTextA.USER32(00000000,00000400,00428F98), ref: 004044D0
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000002.00000002.2888058311.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_setup.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: CharItemText$Next$Free$BrowseDiskFolderPrevSpaceTaskWindowlstrcatlstrcmpi
                                                                                                                                                                                    • String ID: A$Execute:
                                                                                                                                                                                    • API String ID: 2246997448-52275644
                                                                                                                                                                                    • Opcode ID: 6ab1eb65d489d7f474ee6da6f1ce318879e7bc5207f6923fd53d8865a327c9bb
                                                                                                                                                                                    • Instruction ID: 52dfe11e264a0fce323933678d720eed1997f61c196974170264a293bd140da1
                                                                                                                                                                                    • Opcode Fuzzy Hash: 6ab1eb65d489d7f474ee6da6f1ce318879e7bc5207f6923fd53d8865a327c9bb
                                                                                                                                                                                    • Instruction Fuzzy Hash: 19915FB1A00219ABDF11AFA1CC85AAF7BB8EF84315F10407BFA00B6291D77C99418F59
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • GetVersion.KERNEL32(00000000,Execute: "C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_2.exe" /qn CAMPAIGN="2577",00000000,00404DE2,Execute: "C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_2.exe" /qn CAMPAIGN="2577",00000000), ref: 00405AD6
                                                                                                                                                                                    • GetSystemDirectoryA.KERNEL32(Execute: ,00000400), ref: 00405B51
                                                                                                                                                                                    • GetWindowsDirectoryA.KERNEL32(Execute: ,00000400), ref: 00405B64
                                                                                                                                                                                    • SHGetSpecialFolderLocation.SHELL32(?,0041E588), ref: 00405BA0
                                                                                                                                                                                    • SHGetPathFromIDListA.SHELL32(0041E588,Execute: ), ref: 00405BAE
                                                                                                                                                                                    • CoTaskMemFree.OLE32(0041E588), ref: 00405BB9
                                                                                                                                                                                    • lstrcatA.KERNEL32(Execute: ,\Microsoft\Internet Explorer\Quick Launch), ref: 00405BDB
                                                                                                                                                                                    • lstrlenA.KERNEL32(Execute: ,00000000,Execute: "C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_2.exe" /qn CAMPAIGN="2577",00000000,00404DE2,Execute: "C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_2.exe" /qn CAMPAIGN="2577",00000000), ref: 00405C2D
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000002.00000002.2888058311.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_setup.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: Directory$FolderFreeFromListLocationPathSpecialSystemTaskVersionWindowslstrcatlstrlen
                                                                                                                                                                                    • String ID: Execute: $Execute: "C:\Users\user\AppData\Local\Temp\nsnE22.tmp\set_2.exe" /qn CAMPAIGN="2577"$Software\Microsoft\Windows\CurrentVersion$\Microsoft\Internet Explorer\Quick Launch
                                                                                                                                                                                    • API String ID: 900638850-3086978547
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • CoCreateInstance.OLE32(00407490,?,00000001,00407480,?,00000000,00000045,000000CD,00000002,000000DF,000000F0), ref: 00402073
                                                                                                                                                                                    • MultiByteToWideChar.KERNEL32(?,?,?,000000FF,00409378,00000400,?,00000001,00407480,?,00000000,00000045,000000CD,00000002,000000DF,000000F0), ref: 0040212D
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000002.00000002.2888058311.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_setup.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: ByteCharCreateInstanceMultiWide
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID: 123533781-0
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • FindFirstFileA.KERNEL32(00000000,?,00000002), ref: 0040264D
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000002.00000002.2888058311.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_setup.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: FileFindFirst
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID: 1974802433-0
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • DefWindowProcA.USER32(?,00000046,?,?), ref: 0040102C
                                                                                                                                                                                    • BeginPaint.USER32(?,?), ref: 00401047
                                                                                                                                                                                    • GetClientRect.USER32(?,?), ref: 0040105B
                                                                                                                                                                                    • CreateBrushIndirect.GDI32(00000000), ref: 004010CF
                                                                                                                                                                                    • FillRect.USER32(00000000,?,00000000), ref: 004010E4
                                                                                                                                                                                    • DeleteObject.GDI32(?), ref: 004010ED
                                                                                                                                                                                    • CreateFontIndirectA.GDI32(?), ref: 00401105
                                                                                                                                                                                    • SetBkMode.GDI32(00000000,00000001), ref: 00401126
                                                                                                                                                                                    • SetTextColor.GDI32(00000000,?), ref: 00401130
                                                                                                                                                                                    • SelectObject.GDI32(00000000,?), ref: 00401140
                                                                                                                                                                                    • DrawTextA.USER32(00000000,Advanced System Repair Pro 2002 Portable Optimization SCloudWS.exe,000000FF,00000010,00000820), ref: 00401156
                                                                                                                                                                                    • SelectObject.GDI32(00000000,00000000), ref: 00401160
                                                                                                                                                                                    • DeleteObject.GDI32(?), ref: 00401165
                                                                                                                                                                                    • EndPaint.USER32(?,?), ref: 0040116E
                                                                                                                                                                                    Strings
                                                                                                                                                                                    • F, xrefs: 0040100C
                                                                                                                                                                                    • Advanced System Repair Pro 2002 Portable Optimization SCloudWS.exe, xrefs: 00401150
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000002.00000002.2888058311.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                    • Associated: 00000002.00000002.2887505679.0000000000400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                    • Associated: 00000002.00000002.2888631694.0000000000407000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                    • Associated: 00000002.00000002.2889230780.0000000000409000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                    • Associated: 00000002.00000002.2889230780.0000000000420000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                    • Associated: 00000002.00000002.2889230780.0000000000429000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                    • Associated: 00000002.00000002.2889230780.000000000042C000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                    • Associated: 00000002.00000002.2889230780.0000000000434000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                    • Associated: 00000002.00000002.2892219261.0000000000441000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_setup.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: Object$CreateDeleteIndirectPaintRectSelectText$BeginBrushClientColorDrawFillFontModeProcWindow
                                                                                                                                                                                    • String ID: Advanced System Repair Pro 2002 Portable Optimization SCloudWS.exe$F
                                                                                                                                                                                    • API String ID: 941294808-1403161657
                                                                                                                                                                                    • Opcode ID: 3029600e7a8438bcc5a7b1f7b0fc9c629607e2b31f65c15310fafe19c7710355
                                                                                                                                                                                    • Instruction ID: 226a36137513f208ef2a020474f107b038e547e09bed9ebbc09fe29577f91b00
                                                                                                                                                                                    • Opcode Fuzzy Hash: 3029600e7a8438bcc5a7b1f7b0fc9c629607e2b31f65c15310fafe19c7710355
                                                                                                                                                                                    • Instruction Fuzzy Hash: C0419B71804249AFCF058FA5CD459BFBFB9FF44314F00812AF952AA1A0C738AA51DFA5
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                      • Part of subcall function 00405D2E: GetModuleHandleA.KERNEL32(?,?,00000000,0040313D,00000008), ref: 00405D40
                                                                                                                                                                                      • Part of subcall function 00405D2E: LoadLibraryA.KERNEL32(?,?,00000000,0040313D,00000008), ref: 00405D4B
                                                                                                                                                                                      • Part of subcall function 00405D2E: GetProcAddress.KERNEL32(00000000,?), ref: 00405D5C
                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000,?,00000000,00000001,00000001,?,00000000,?,?,004054EF,?,00000000,000000F1,?), ref: 004057A7
                                                                                                                                                                                    • GetShortPathNameA.KERNEL32(?,0042C170,00000400), ref: 004057B0
                                                                                                                                                                                    • GetShortPathNameA.KERNEL32(00000000,0042BBE8,00000400), ref: 004057CD
                                                                                                                                                                                    • wsprintfA.USER32 ref: 004057EB
                                                                                                                                                                                    • GetFileSize.KERNEL32(00000000,00000000,0042BBE8,C0000000,00000004,0042BBE8,?,?,?,00000000,000000F1,?), ref: 00405826
                                                                                                                                                                                    • GlobalAlloc.KERNEL32(00000040,0000000A,?,?,00000000,000000F1,?), ref: 00405835
                                                                                                                                                                                    • ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000,?,?,00000000,000000F1,?), ref: 0040584B
                                                                                                                                                                                    • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000000,?,0042B7E8,00000000,-0000000A,00409330,00000000,[Rename],?,?,00000000,000000F1,?), ref: 00405891
                                                                                                                                                                                    • WriteFile.KERNEL32(00000000,00000000,?,?,00000000,?,?,00000000,000000F1,?), ref: 004058A3
                                                                                                                                                                                    • GlobalFree.KERNEL32(00000000), ref: 004058AA
                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000,?,?,00000000,000000F1,?), ref: 004058B1
                                                                                                                                                                                      • Part of subcall function 00405658: lstrlenA.KERNEL32(00000000,?,00000000,00000000,00405866,00000000,[Rename],?,?,00000000,000000F1,?), ref: 0040565F
                                                                                                                                                                                      • Part of subcall function 00405658: lstrlenA.KERNEL32(00000000,00000000,?,00000000,00000000,00405866,00000000,[Rename],?,?,00000000,000000F1,?), ref: 0040568F
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000002.00000002.2888058311.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                    • Associated: 00000002.00000002.2887505679.0000000000400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                    • Associated: 00000002.00000002.2888631694.0000000000407000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                    • Associated: 00000002.00000002.2889230780.0000000000409000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                    • Associated: 00000002.00000002.2889230780.0000000000420000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                    • Associated: 00000002.00000002.2889230780.0000000000429000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                    • Associated: 00000002.00000002.2889230780.000000000042C000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                    • Associated: 00000002.00000002.2889230780.0000000000434000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                    • Associated: 00000002.00000002.2892219261.0000000000441000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_setup.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: File$Handle$CloseGlobalNamePathShortlstrlen$AddressAllocFreeLibraryLoadModulePointerProcReadSizeWritewsprintf
                                                                                                                                                                                    • String ID: %s=%s$[Rename]
                                                                                                                                                                                    • API String ID: 3772915668-1727408572
                                                                                                                                                                                    • Opcode ID: 6cb39701302fa091149022549eefa5da3c0be633e3a468fc33eaceea222ec053
                                                                                                                                                                                    • Instruction ID: 426fb2abaf3c2c6495405564ff4e517f65c757b77f6bed08917e1be6c8ffeb7f
                                                                                                                                                                                    • Opcode Fuzzy Hash: 6cb39701302fa091149022549eefa5da3c0be633e3a468fc33eaceea222ec053
                                                                                                                                                                                    • Instruction Fuzzy Hash: 6341FF32606B15ABE3206B619C49F6B3A5CDF80705F004436FD05F62C2E678E8118EBD
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • CharNextA.USER32(?,*?|<>/":,00000000,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\AppData\Local\Temp\is-9A6TD.tmp\setup.exe",C:\Users\user\AppData\Local\Temp\,00000000,004030D2,C:\Users\user\AppData\Local\Temp\,00000000,00403244), ref: 00405CC6
                                                                                                                                                                                    • CharNextA.USER32(?,?,?,00000000), ref: 00405CD3
                                                                                                                                                                                    • CharNextA.USER32(?,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\AppData\Local\Temp\is-9A6TD.tmp\setup.exe",C:\Users\user\AppData\Local\Temp\,00000000,004030D2,C:\Users\user\AppData\Local\Temp\,00000000,00403244), ref: 00405CD8
                                                                                                                                                                                    • CharPrevA.USER32(?,?,"C:\Users\user\AppData\Local\Temp\is-9A6TD.tmp\setup.exe",C:\Users\user\AppData\Local\Temp\,00000000,004030D2,C:\Users\user\AppData\Local\Temp\,00000000,00403244), ref: 00405CE8
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000002.00000002.2888058311.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                    • Associated: 00000002.00000002.2887505679.0000000000400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                    • Associated: 00000002.00000002.2888631694.0000000000407000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                    • Associated: 00000002.00000002.2889230780.0000000000409000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                    • Associated: 00000002.00000002.2889230780.0000000000420000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                    • Associated: 00000002.00000002.2889230780.0000000000429000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                    • Associated: 00000002.00000002.2889230780.000000000042C000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                    • Associated: 00000002.00000002.2889230780.0000000000434000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                    • Associated: 00000002.00000002.2892219261.0000000000441000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_setup.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: Char$Next$Prev
                                                                                                                                                                                    • String ID: "C:\Users\user\AppData\Local\Temp\is-9A6TD.tmp\setup.exe"$*?|<>/":$C:\Users\user\AppData\Local\Temp\
                                                                                                                                                                                    • API String ID: 589700163-1801127757
                                                                                                                                                                                    • Opcode ID: 5aa71b13a4eda0142438c40892e2bf660e792717ed83394db4a483eb7dc85cb7
                                                                                                                                                                                    • Instruction ID: 3b67653c5ee308ebbdbeafcda2e7905df7fa5ba98b11233f7c0ae47683edab57
                                                                                                                                                                                    • Opcode Fuzzy Hash: 5aa71b13a4eda0142438c40892e2bf660e792717ed83394db4a483eb7dc85cb7
                                                                                                                                                                                    • Instruction Fuzzy Hash: 0811905180CB912EFB3206245D44BB7BF89CB567A0F58447BE9C5B22C2CA7C5C429A6D
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • GetWindowLongA.USER32(?,000000EB), ref: 00403E42
                                                                                                                                                                                    • GetSysColor.USER32(00000000), ref: 00403E5E
                                                                                                                                                                                    • SetTextColor.GDI32(?,00000000), ref: 00403E6A
                                                                                                                                                                                    • SetBkMode.GDI32(?,?), ref: 00403E76
                                                                                                                                                                                    • GetSysColor.USER32(?), ref: 00403E89
                                                                                                                                                                                    • SetBkColor.GDI32(?,?), ref: 00403E99
                                                                                                                                                                                    • DeleteObject.GDI32(?), ref: 00403EB3
                                                                                                                                                                                    • CreateBrushIndirect.GDI32(?), ref: 00403EBD
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000002.00000002.2888058311.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                    • Associated: 00000002.00000002.2887505679.0000000000400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                    • Associated: 00000002.00000002.2888631694.0000000000407000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                    • Associated: 00000002.00000002.2889230780.0000000000409000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                    • Associated: 00000002.00000002.2889230780.0000000000420000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                    • Associated: 00000002.00000002.2889230780.0000000000429000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                    • Associated: 00000002.00000002.2889230780.000000000042C000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                    • Associated: 00000002.00000002.2889230780.0000000000434000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                    • Associated: 00000002.00000002.2892219261.0000000000441000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_setup.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: Color$BrushCreateDeleteIndirectLongModeObjectTextWindow
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID: 2320649405-0
                                                                                                                                                                                    • Opcode ID: 54c4c26d0880f537c7164b4e2121e342b47f232b14c6c2566c024284623f766e
                                                                                                                                                                                    • Instruction ID: df06335cf3b4afc37a3544ae2d30c5d34a8579c70edf0d6bae8496df32602c64
                                                                                                                                                                                    • Opcode Fuzzy Hash: 54c4c26d0880f537c7164b4e2121e342b47f232b14c6c2566c024284623f766e
                                                                                                                                                                                    • Instruction Fuzzy Hash: DC219671904709ABCB219F78DD08B4B7FF8AF00715F048A29F855E22E0D338E904CB95
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • GlobalAlloc.KERNEL32(00000040,0000BA00,00000000,40000000,00000002,00000000,00000000,?,?,000000F0), ref: 004026D0
                                                                                                                                                                                    • GlobalAlloc.KERNEL32(00000040,?,00000000,?,?,?,?,000000F0), ref: 004026EC
                                                                                                                                                                                    • GlobalFree.KERNEL32(?), ref: 00402725
                                                                                                                                                                                    • WriteFile.KERNEL32(FFFFFD66,00000000,?,FFFFFD66,?,?,?,?,000000F0), ref: 00402737
                                                                                                                                                                                    • GlobalFree.KERNEL32(00000000), ref: 0040273E
                                                                                                                                                                                    • CloseHandle.KERNEL32(FFFFFD66,?,?,000000F0), ref: 00402756
                                                                                                                                                                                    • DeleteFileA.KERNEL32(?,00000000,40000000,00000002,00000000,00000000,?,?,000000F0), ref: 0040276A
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000002.00000002.2888058311.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                    • Associated: 00000002.00000002.2887505679.0000000000400000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                    • Associated: 00000002.00000002.2888631694.0000000000407000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                    • Associated: 00000002.00000002.2889230780.0000000000409000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                    • Associated: 00000002.00000002.2889230780.0000000000420000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                    • Associated: 00000002.00000002.2889230780.0000000000429000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                    • Associated: 00000002.00000002.2889230780.000000000042C000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                    • Associated: 00000002.00000002.2889230780.0000000000434000.00000004.00000001.01000000.00000007.sdmp
                                                                                                                                                                                    • Associated: 00000002.00000002.2892219261.0000000000441000.00000002.00000001.01000000.00000007.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_setup.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: Global$AllocFileFree$CloseDeleteHandleWrite
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID: 3294113728-0
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • SendMessageA.USER32(?,0000110A,00000009,00000000), ref: 00404694
                                                                                                                                                                                    • GetMessagePos.USER32 ref: 0040469C
                                                                                                                                                                                    • ScreenToClient.USER32(?,?), ref: 004046B6
                                                                                                                                                                                    • SendMessageA.USER32(?,00001111,00000000,?), ref: 004046C8
                                                                                                                                                                                    • SendMessageA.USER32(?,0000110C,00000000,?), ref: 004046EE
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000002.00000002.2888058311.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_setup.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: Message$Send$ClientScreen
                                                                                                                                                                                    • String ID: f
                                                                                                                                                                                    • API String ID: 41195575-1993550816
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • SetTimer.USER32(?,00000001,000000FA,00000000), ref: 00402B56
                                                                                                                                                                                    • MulDiv.KERNEL32(0000F7E5,00000064,?), ref: 00402B81
                                                                                                                                                                                    • wsprintfA.USER32 ref: 00402B91
                                                                                                                                                                                    • SetWindowTextA.USER32(?,?), ref: 00402BA1
                                                                                                                                                                                    • SetDlgItemTextA.USER32(?,00000406,?), ref: 00402BB3
                                                                                                                                                                                    Strings
                                                                                                                                                                                    • verifying installer: %d%%, xrefs: 00402B8B
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000002.00000002.2888058311.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_setup.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: Text$ItemTimerWindowwsprintf
                                                                                                                                                                                    • String ID: verifying installer: %d%%
                                                                                                                                                                                    • API String ID: 1451636040-82062127
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • RegCreateKeyExA.ADVAPI32(00000000,00000000,?,?,?,00000000,?,?,?,00000011,00000002), ref: 00402341
                                                                                                                                                                                    • lstrlenA.KERNEL32(C:\Users\user\AppData\Local\Temp\nsnE22.tmp,00000023,?,?,?,00000000,?,?,?,00000011,00000002), ref: 00402361
                                                                                                                                                                                    • RegSetValueExA.ADVAPI32(?,?,?,?,C:\Users\user\AppData\Local\Temp\nsnE22.tmp,00000000,?,?,?,00000000,?,?,?,00000011,00000002), ref: 0040239A
                                                                                                                                                                                    • RegCloseKey.ADVAPI32(?,?,?,C:\Users\user\AppData\Local\Temp\nsnE22.tmp,00000000,?,?,?,00000000,?,?,?,00000011,00000002), ref: 0040247D
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000002.00000002.2888058311.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_setup.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: CloseCreateValuelstrlen
                                                                                                                                                                                    • String ID: C:\Users\user\AppData\Local\Temp\nsnE22.tmp
                                                                                                                                                                                    • API String ID: 1356686001-2840628438
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • GetDC.USER32(?), ref: 00401D22
                                                                                                                                                                                    • GetDeviceCaps.GDI32(00000000), ref: 00401D29
                                                                                                                                                                                    • MulDiv.KERNEL32(00000000,00000002,00000000), ref: 00401D38
                                                                                                                                                                                    • CreateFontIndirectA.GDI32(0040AF84), ref: 00401D8A
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000002.00000002.2888058311.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_setup.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: CapsCreateDeviceFontIndirect
                                                                                                                                                                                    • String ID: MS Shell Dlg
                                                                                                                                                                                    • API String ID: 3272661963-76309092
                                                                                                                                                                                    • Opcode ID: bbbcfc34ac2d637fe9c3dcd2aae23fbeb0c3268bdde6826654245cc777324362
                                                                                                                                                                                    • Instruction ID: 580b179190550232f88f4ba5e52f5296c98f8c4b0afe68c870f47754878f2485
                                                                                                                                                                                    • Opcode Fuzzy Hash: bbbcfc34ac2d637fe9c3dcd2aae23fbeb0c3268bdde6826654245cc777324362
                                                                                                                                                                                    • Instruction Fuzzy Hash: 68F044F1A45342AEE702A7B0AE4B7993B649725309F100436F545BA1E2C5BC00149B7F
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • RegOpenKeyExA.ADVAPI32(?,?,00000000,00000000,?), ref: 00402A57
                                                                                                                                                                                    • RegEnumKeyA.ADVAPI32(?,00000000,?,00000105), ref: 00402A93
                                                                                                                                                                                    • RegCloseKey.ADVAPI32(?), ref: 00402A9C
                                                                                                                                                                                    • RegCloseKey.ADVAPI32(?), ref: 00402AC1
                                                                                                                                                                                    • RegDeleteKeyA.ADVAPI32(?,?), ref: 00402ADF
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000002.00000002.2888058311.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_setup.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: Close$DeleteEnumOpen
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID: 1912718029-0
                                                                                                                                                                                    • Opcode ID: b26b43b9b7666f40e9fdb218fe96b22a79156d573bb7d5cc257a1d138f5a7564
                                                                                                                                                                                    • Instruction ID: 324dab2b24170647655e9dcbeda369d8ff673eed47d89bab0de13a8960c84090
                                                                                                                                                                                    • Opcode Fuzzy Hash: b26b43b9b7666f40e9fdb218fe96b22a79156d573bb7d5cc257a1d138f5a7564
                                                                                                                                                                                    • Instruction Fuzzy Hash: 4F115675A00008FFEF31AF91DE49DAB7B6DEB40384B104436FA05B10A0DBB59E51AE69
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • GetDlgItem.USER32(?), ref: 00401CC5
                                                                                                                                                                                    • GetClientRect.USER32(00000000,?), ref: 00401CD2
                                                                                                                                                                                    • LoadImageA.USER32(?,00000000,?,?,?,?), ref: 00401CF3
                                                                                                                                                                                    • SendMessageA.USER32(00000000,00000172,?,00000000), ref: 00401D01
                                                                                                                                                                                    • DeleteObject.GDI32(00000000), ref: 00401D10
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000002.00000002.2888058311.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_setup.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: ClientDeleteImageItemLoadMessageObjectRectSend
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID: 1849352358-0
                                                                                                                                                                                    • Opcode ID: bcf2014c00065f5201b430a5429a32b7385cfa622623bd2341514d29d8348619
                                                                                                                                                                                    • Instruction ID: f89edaf4e673e5a696cf4c500be88082f9c29b5fdabb6c66a10e118bddb835aa
                                                                                                                                                                                    • Opcode Fuzzy Hash: bcf2014c00065f5201b430a5429a32b7385cfa622623bd2341514d29d8348619
                                                                                                                                                                                    • Instruction Fuzzy Hash: 71F01DB2E04105BFD700EBA4EE89DAFB7BDEB44345B104576F602F6190C678AD018B69
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • lstrlenA.KERNEL32(00429FE0,00429FE0,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,004044B7,000000DF,0000040F,00000400,00000000), ref: 00404625
                                                                                                                                                                                    • wsprintfA.USER32 ref: 0040462D
                                                                                                                                                                                    • SetDlgItemTextA.USER32(?,00429FE0), ref: 00404640
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000002.00000002.2888058311.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_setup.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: ItemTextlstrlenwsprintf
                                                                                                                                                                                    • String ID: %u.%u%s%s
                                                                                                                                                                                    • API String ID: 3540041739-3551169577
                                                                                                                                                                                    • Opcode ID: 308c210494ba65c8d6c58fead7846ea59173cd15c70e93c8128561061e7c40a4
                                                                                                                                                                                    • Instruction ID: a73c68329ee831a229c644748369bffc84c82a565a353c3d841dc2820e0c3950
                                                                                                                                                                                    • Opcode Fuzzy Hash: 308c210494ba65c8d6c58fead7846ea59173cd15c70e93c8128561061e7c40a4
                                                                                                                                                                                    • Instruction Fuzzy Hash: 9911D0737001243BDB10A66D9C46EEF329ADBC6334F14023BFA25F61D1E9388C5286E8
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • SetWindowTextA.USER32(00000000,Advanced System Repair Pro 2002 Portable Optimization SCloudWS.exe), ref: 004038B6
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000002.00000002.2888058311.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_setup.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: TextWindow
                                                                                                                                                                                    • String ID: 1033$Advanced System Repair Pro 2002 Portable Optimization SCloudWS.exe$C:\Users\user\AppData\Local\Temp\
                                                                                                                                                                                    • API String ID: 530164218-876401174
                                                                                                                                                                                    • Opcode ID: 48b09981901e30c4345b6e5c0cee300cf490ae76efe8ca9e2f713c31fa19992d
                                                                                                                                                                                    • Instruction ID: f58d08b88b77c55e92e539ad5181c9965f6bbcffbd0d008a8b371c472e4a47a6
                                                                                                                                                                                    • Opcode Fuzzy Hash: 48b09981901e30c4345b6e5c0cee300cf490ae76efe8ca9e2f713c31fa19992d
                                                                                                                                                                                    • Instruction Fuzzy Hash: 9311D176B001009BC734EF56DC809737BADEB8471636881BFEC02A7390D639A8038A98
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • lstrlenA.KERNEL32(?,C:\Users\user\AppData\Local\Temp\,004030E4,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,00403244), ref: 00405505
                                                                                                                                                                                    • CharPrevA.USER32(?,00000000,?,C:\Users\user\AppData\Local\Temp\,004030E4,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,00403244), ref: 0040550E
                                                                                                                                                                                    • lstrcatA.KERNEL32(?,00409010), ref: 0040551F
                                                                                                                                                                                    Strings
                                                                                                                                                                                    • C:\Users\user\AppData\Local\Temp\, xrefs: 004054FF
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000002.00000002.2888058311.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_setup.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: CharPrevlstrcatlstrlen
                                                                                                                                                                                    • String ID: C:\Users\user\AppData\Local\Temp\
                                                                                                                                                                                    • API String ID: 2659869361-3081826266
                                                                                                                                                                                    • Opcode ID: f17b2ccdaa8efd10834e0f4341d4d5b977b2bb6e8559feba5c8cad9ccc1df0ef
                                                                                                                                                                                    • Instruction ID: dfec000a3f5bf2671270dd29e8f8c50a5f72ee918dd093ba8f25731816a648b4
                                                                                                                                                                                    • Opcode Fuzzy Hash: f17b2ccdaa8efd10834e0f4341d4d5b977b2bb6e8559feba5c8cad9ccc1df0ef
                                                                                                                                                                                    • Instruction Fuzzy Hash: FCD0A972705A307ED2022A19AC06F8F2A88CF17301B044822F100B62D2C23C9E418FFE
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • GetFileVersionInfoSizeA.VERSION(00000000,?,000000EE), ref: 00401ED4
                                                                                                                                                                                    • GlobalAlloc.KERNEL32(00000040,00000000,00000000,?,000000EE), ref: 00401EF2
                                                                                                                                                                                    • GetFileVersionInfoA.VERSION(?,?,?,00000000), ref: 00401F0B
                                                                                                                                                                                    • VerQueryValueA.VERSION(?,00409010,?,?,?,?,?,00000000), ref: 00401F24
                                                                                                                                                                                      • Part of subcall function 0040596A: wsprintfA.USER32 ref: 00405977
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000002.00000002.2888058311.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_setup.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: FileInfoVersion$AllocGlobalQuerySizeValuewsprintf
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID: 1404258612-0
                                                                                                                                                                                    • Opcode ID: 099a0aa409c47306a0e5e8436e4e2e7c61bc24b53b401cebe12c2d8cce08dfb0
                                                                                                                                                                                    • Instruction ID: ac83c8b0d38e5b491d5bd27050ffdb4091974a4b49ad9b19d675067d3fb65d11
                                                                                                                                                                                    • Opcode Fuzzy Hash: 099a0aa409c47306a0e5e8436e4e2e7c61bc24b53b401cebe12c2d8cce08dfb0
                                                                                                                                                                                    • Instruction Fuzzy Hash: 201148B2900108BFDB01EFA5D981DAEBBB9EF04344B24807AF505F61E1D7389A54DB28
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • CharNextA.USER32(ES@,?,0042B3E8,00000000,004055F7,0042B3E8,0042B3E8,?,?,00000000,00405345,?,"C:\Users\user\AppData\Local\Temp\is-9A6TD.tmp\setup.exe",00000000), ref: 004055A1
                                                                                                                                                                                    • CharNextA.USER32(00000000), ref: 004055A6
                                                                                                                                                                                    • CharNextA.USER32(00000000), ref: 004055B5
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000002.00000002.2888058311.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_setup.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: CharNext
                                                                                                                                                                                    • String ID: ES@
                                                                                                                                                                                    • API String ID: 3213498283-1851447614
                                                                                                                                                                                    • Opcode ID: 68c7f773aafbecf3834176a21eebbfbca0b4bda0270daf5a8c718fc322178301
                                                                                                                                                                                    • Instruction ID: f60ec20427defc95a9886ae099bd540e39d30c8fbbaad3333d1940da6ed1a81e
                                                                                                                                                                                    • Opcode Fuzzy Hash: 68c7f773aafbecf3834176a21eebbfbca0b4bda0270daf5a8c718fc322178301
                                                                                                                                                                                    • Instruction Fuzzy Hash: F8F0A7A2D44B25B6E73222A84C44B6B6BADDB55711F244437E200B61D597B84C828FBA
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • DestroyWindow.USER32(00000000,00000000,00402D9E,00000001), ref: 00402BD1
                                                                                                                                                                                    • GetTickCount.KERNEL32 ref: 00402BEF
                                                                                                                                                                                    • CreateDialogParamA.USER32(0000006F,00000000,00402B3B,00000000), ref: 00402C0C
                                                                                                                                                                                    • ShowWindow.USER32(00000000,00000005), ref: 00402C1A
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000002.00000002.2888058311.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_setup.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: Window$CountCreateDestroyDialogParamShowTick
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID: 2102729457-0
                                                                                                                                                                                    • Opcode ID: c87a5157f8204693ca179b822d2a85440fc20d6be017f85e77c31dbe1d2c93c5
                                                                                                                                                                                    • Instruction ID: df45f881ccb5ca36463c1a09230da8cf23750fca8468dec1cd15007da7f5e5e8
                                                                                                                                                                                    • Opcode Fuzzy Hash: c87a5157f8204693ca179b822d2a85440fc20d6be017f85e77c31dbe1d2c93c5
                                                                                                                                                                                    • Instruction Fuzzy Hash: 22F0F430A09120EBC6716F95FD4C99B7F64E704B157504437F001B55F5D67878829B9D
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • IsWindowVisible.USER32(?), ref: 00404D30
                                                                                                                                                                                    • CallWindowProcA.USER32(?,00000200,?,?), ref: 00404D9E
                                                                                                                                                                                      • Part of subcall function 00403E0A: SendMessageA.USER32(000204FA,00000000,00000000,00000000), ref: 00403E1C
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000002.00000002.2888058311.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_setup.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: Window$CallMessageProcSendVisible
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID: 3748168415-3916222277
                                                                                                                                                                                    • Opcode ID: 498d22ec92de87507460055f31d3341dd140a7d0c04a54d74523ea2b6bf50dd0
                                                                                                                                                                                    • Instruction ID: b16bf2df46199d4e0f4b20eb531931f7d117dfa55111be6f57691eac5a9fa7e0
                                                                                                                                                                                    • Opcode Fuzzy Hash: 498d22ec92de87507460055f31d3341dd140a7d0c04a54d74523ea2b6bf50dd0
                                                                                                                                                                                    • Instruction Fuzzy Hash: 25114F71600218BBDB219F52DC41AAB3B69AF84365F00813FFA04B91E1C37D8D51CFA9
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • lstrlenA.KERNEL32(00000000,00000011), ref: 004024DC
                                                                                                                                                                                    • WriteFile.KERNEL32(00000000,?,C:\Users\user\AppData\Local\Temp\nsnE22.tmp\inetc.dll,00000000,?,?,00000000,00000011), ref: 004024FB
                                                                                                                                                                                    Strings
                                                                                                                                                                                    • C:\Users\user\AppData\Local\Temp\nsnE22.tmp\inetc.dll, xrefs: 004024CA, 004024EF
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000002.00000002.2888058311.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_setup.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: FileWritelstrlen
                                                                                                                                                                                    • String ID: C:\Users\user\AppData\Local\Temp\nsnE22.tmp\inetc.dll
                                                                                                                                                                                    • API String ID: 427699356-900231625
                                                                                                                                                                                    • Opcode ID: 737d5f13839744d6a9d30165a229b9e08489258fe4ae5c83f7ff32dd2acb6c44
                                                                                                                                                                                    • Instruction ID: 266b505f4b4a70e0031bd9b61304a7f29979de1156be46298b6644775383f0d6
                                                                                                                                                                                    • Opcode Fuzzy Hash: 737d5f13839744d6a9d30165a229b9e08489258fe4ae5c83f7ff32dd2acb6c44
                                                                                                                                                                                    • Instruction Fuzzy Hash: 70F0B4B2B04201AFDB00EBA19E49AAF36589B40348F14443BB142F50C2D6BC4941AB6D
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • FreeLibrary.KERNEL32(?,"C:\Users\user\AppData\Local\Temp\is-9A6TD.tmp\setup.exe",00000000,00000000,00403498,004032EB,00000000), ref: 004034DA
                                                                                                                                                                                    • GlobalFree.KERNEL32(?), ref: 004034E1
                                                                                                                                                                                    Strings
                                                                                                                                                                                    • "C:\Users\user\AppData\Local\Temp\is-9A6TD.tmp\setup.exe", xrefs: 004034D2
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000002.00000002.2888058311.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_setup.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: Free$GlobalLibrary
                                                                                                                                                                                    • String ID: "C:\Users\user\AppData\Local\Temp\is-9A6TD.tmp\setup.exe"
                                                                                                                                                                                    • API String ID: 1100898210-312063703
                                                                                                                                                                                    • Opcode ID: 46acf84ebda6383aa3704241e203cd439e3c816428f1e63aa7a51627b246d5e2
                                                                                                                                                                                    • Instruction ID: a7ab284cabc648ba81e11ba063b903b3b671d5f7e61a69f5101281db245b6d62
                                                                                                                                                                                    • Opcode Fuzzy Hash: 46acf84ebda6383aa3704241e203cd439e3c816428f1e63aa7a51627b246d5e2
                                                                                                                                                                                    • Instruction Fuzzy Hash: E1E08C329110209BD6221F05AE0575A7B6D6B44B32F02802AE9407B2A087746C424BDD
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • lstrlenA.KERNEL32(80000000,C:\Users\user\AppData\Local\Temp\is-9A6TD.tmp,00402C8E,C:\Users\user\AppData\Local\Temp\is-9A6TD.tmp,C:\Users\user\AppData\Local\Temp\is-9A6TD.tmp,C:\Users\user\AppData\Local\Temp\is-9A6TD.tmp\setup.exe,C:\Users\user\AppData\Local\Temp\is-9A6TD.tmp\setup.exe,80000000,00000003), ref: 0040554C
                                                                                                                                                                                    • CharPrevA.USER32(80000000,00000000,80000000,C:\Users\user\AppData\Local\Temp\is-9A6TD.tmp,00402C8E,C:\Users\user\AppData\Local\Temp\is-9A6TD.tmp,C:\Users\user\AppData\Local\Temp\is-9A6TD.tmp,C:\Users\user\AppData\Local\Temp\is-9A6TD.tmp\setup.exe,C:\Users\user\AppData\Local\Temp\is-9A6TD.tmp\setup.exe,80000000,00000003), ref: 0040555A
                                                                                                                                                                                    Strings
                                                                                                                                                                                    • C:\Users\user\AppData\Local\Temp\is-9A6TD.tmp, xrefs: 00405546
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000002.00000002.2888058311.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_setup.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: CharPrevlstrlen
                                                                                                                                                                                    • String ID: C:\Users\user\AppData\Local\Temp\is-9A6TD.tmp
                                                                                                                                                                                    • API String ID: 2709904686-3066129480
                                                                                                                                                                                    • Opcode ID: 49376fbf8c9c30057c1bc985cc011eea510fd351d3a644e674ee9e82abf7fe19
                                                                                                                                                                                    • Instruction ID: fca702df0190f5d4796b13fce4c8f5ccfdab60c3fa8ed772e71c257c4247ae30
                                                                                                                                                                                    • Opcode Fuzzy Hash: 49376fbf8c9c30057c1bc985cc011eea510fd351d3a644e674ee9e82abf7fe19
                                                                                                                                                                                    • Instruction Fuzzy Hash: 39D0A772508EB07EE70366149C00B9F7A88CF13340F094462E040A61D4C27C4D418FFD
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • lstrlenA.KERNEL32(00000000,?,00000000,00000000,00405866,00000000,[Rename],?,?,00000000,000000F1,?), ref: 0040565F
                                                                                                                                                                                    • lstrcmpiA.KERNEL32(00000000,00000000), ref: 00405678
                                                                                                                                                                                    • CharNextA.USER32(00000000,?,?,00000000,000000F1,?), ref: 00405686
                                                                                                                                                                                    • lstrlenA.KERNEL32(00000000,00000000,?,00000000,00000000,00405866,00000000,[Rename],?,?,00000000,000000F1,?), ref: 0040568F
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 00000002.00000002.2888058311.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_2_2_400000_setup.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: lstrlen$CharNextlstrcmpi
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID: 190613189-0
                                                                                                                                                                                    • Opcode ID: 0108cf067d6f6d80c8ed850288af8a4b3b9133f156f8bdff26d83f0dd252fb59
                                                                                                                                                                                    • Instruction ID: fee4d645b7b415a6dc1afaac75e8b1817c7eae67fc86a6e8a33b60f3285d70db
                                                                                                                                                                                    • Opcode Fuzzy Hash: 0108cf067d6f6d80c8ed850288af8a4b3b9133f156f8bdff26d83f0dd252fb59
                                                                                                                                                                                    • Instruction Fuzzy Hash: 05F0A736309D519AC2125B295C04A6F6A98EF91314B58097AF444F2140E33A9C119BBF
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    Execution Graph

                                                                                                                                                                                    Execution Coverage:18.5%
                                                                                                                                                                                    Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                    Signature Coverage:4.7%
                                                                                                                                                                                    Total number of Nodes:1761
                                                                                                                                                                                    Total number of Limit Nodes:17
API calls 8415->8416 8417 403ffa 8416->8417 8418 4027ee 2 API calls 8417->8418 8419 404007 8418->8419 8420 40279d 2 API calls 8419->8420 8421 404014 8420->8421 8422 403e6d 3 API calls 8421->8422 8423 404024 ??3@YAXPAX 8422->8423 8424 40279d 2 API calls 8423->8424 8425 40403b 8424->8425 8426 403e6d 3 API calls 8425->8426 8427 40404a ??3@YAXPAX ??3@YAXPAX 8426->8427 8427->8369 8429 401484 2 API calls 8428->8429 8430 40406c 8429->8430 8431 4013d5 2 API calls 8430->8431 8432 404077 8431->8432 8433 4027ee 2 API calls 8432->8433 8434 404084 8433->8434 8435 40279d 2 API calls 8434->8435 8436 404091 8435->8436 8437 403e6d 3 API calls 8436->8437 8438 4040a1 ??3@YAXPAX 8437->8438 8439 4013d5 2 API calls 8438->8439 8440 4040b5 8439->8440 8441 4027ee 2 API calls 8440->8441 8442 4040c2 8441->8442 8443 40279d 2 API calls 8442->8443 8444 4040cf 8443->8444 8445 403e6d 3 API calls 8444->8445 8446 4040df ??3@YAXPAX 8445->8446 8447 40279d 2 API calls 8446->8447 8448 4040f6 8447->8448 8449 403e6d 3 API calls 8448->8449 8450 404105 ??3@YAXPAX ??3@YAXPAX 8449->8450 8450->8371 8452 40279d 2 API calls 8451->8452 8453 40412c 8452->8453 8454 403e6d 3 API calls 8453->8454 8455 40413d ??3@YAXPAX 8454->8455 8455->8373 8457 401d26 VirtualFree 8456->8457 8458 40d070 8457->8458 8458->8221 8462 40ced6 8459->8462 8463 40cee4 8462->8463 8464 40cee8 8462->8464 8463->8223 8468 40cf7d 8464->8468 8466 40cf0d _CxxThrowException 8466->8463 8469 40cfa2 8468->8469 8470 40cf08 8469->8470 8472 40d02a 8469->8472 8470->8463 8470->8466 8475 40cfdf EnterCriticalSection 8472->8475 8474 40d04e 8474->8470 8481 40c5fe 8475->8481 8477 40d006 LeaveCriticalSection 8477->8474 8482 40c607 8481->8482 8483 40c60e 8481->8483 8482->8477 8487 40c5ca 8482->8487 8491 40beb6 SetFilePointer 8483->8491 8488 40c5e2 8487->8488 8489 40c58e GetLastError 8488->8489 8490 40c5f9 8489->8490 8490->8477 8492 40bedf GetLastError 8491->8492 8493 40bee9 8491->8493 8492->8493 8494 40c58e 8493->8494 8495 40c595 8494->8495 8496 40c598 GetLastError 
8494->8496 8495->8482 8497 40c5a2 8496->8497 8497->8482 8499 40d10d 8498->8499 8500 40d132 8499->8500 8501 40d11e memmove 8499->8501 8502 40d14d 8500->8502 8507 40c030 SetFileTime 8500->8507 8508 40127e 8500->8508 8514 40be4b 8500->8514 8517 40efb4 8500->8517 8501->8500 8502->8234 8507->8502 8509 401292 8508->8509 8512 401286 8508->8512 8510 4012af 8509->8510 8523 40c04d 8509->8523 8510->8512 8513 4012bc SetFileAttributesW 8510->8513 8512->8502 8513->8512 8515 40be55 FindCloseChangeNotification 8514->8515 8516 40be60 8514->8516 8515->8516 8516->8502 8520 40efc0 8517->8520 8518 40f06d 8518->8502 8520->8518 8521 40ef75 112 API calls 8520->8521 8527 412878 8520->8527 8531 40ee54 8520->8531 8521->8520 8526 40c030 SetFileTime 8523->8526 8525 40c05a 8525->8510 8526->8525 8528 412889 8527->8528 8529 412899 8527->8529 8536 40c662 8528->8536 8529->8520 8532 40ee6e 8531->8532 8544 401841 8532->8544 8607 40bfe5 8532->8607 8533 40eea2 8533->8520 8541 40c05d 8536->8541 8538 40c67b 8539 40c58e GetLastError 8538->8539 8540 40c69a 8539->8540 8540->8529 8542 40c06b 8541->8542 8543 40c06e WriteFile 8541->8543 8542->8543 8543->8538 8545 40185d 8544->8545 8551 401853 8544->8551 8610 40f78d _EH_prolog 8545->8610 8547 40188a 8654 40c125 8547->8654 8548 401484 2 API calls 8550 4018a3 8548->8550 8552 401b7d ??3@YAXPAX 8550->8552 8553 4018b8 8550->8553 8551->8533 8557 40c125 VariantClear 8552->8557 8636 40139c 8553->8636 8556 4018c3 8640 40157d 8556->8640 8557->8551 8560 4013d5 2 API calls 8561 4018e2 ??3@YAXPAX 8560->8561 8562 401b43 ??3@YAXPAX 8561->8562 8567 4018f4 8561->8567 8564 40c125 VariantClear 8562->8564 8564->8551 8565 401915 8566 40c125 VariantClear 8565->8566 8568 40191d ??3@YAXPAX 8566->8568 8567->8565 8569 40197f 8567->8569 8570 401940 8567->8570 8568->8547 8572 4019a4 8569->8572 8573 4019bd 8569->8573 8571 40c125 VariantClear 8570->8571 8574 401952 ??3@YAXPAX 8571->8574 8575 40c125 VariantClear 8572->8575 8576 4019c5 8573->8576 8577 4019df GetLocalTime SystemTimeToFileTime 
8573->8577 8574->8547 8578 4019ac ??3@YAXPAX 8575->8578 8576->8570 8579 401a13 8576->8579 8580 4019fc 8576->8580 8577->8576 8578->8547 8645 4033b3 GetFileAttributesW 8579->8645 8658 40371d lstrlenW 8580->8658 8584 401b4f GetLastError 8584->8562 8585 401a33 ??2@YAPAXI 8587 401a3f 8585->8587 8586 401b45 8586->8584 8682 40c019 8587->8682 8590 401b2a 8594 40c125 VariantClear 8590->8594 8591 401a7a GetLastError 8685 40136a 8591->8685 8593 401a8c 8595 40371d 88 API calls 8593->8595 8599 401a9a ??3@YAXPAX 8593->8599 8594->8562 8597 401ae7 8595->8597 8597->8599 8600 40c019 2 API calls 8597->8600 8598 401ab7 8601 40c125 VariantClear 8598->8601 8599->8598 8602 401b0c 8600->8602 8603 401ac5 ??3@YAXPAX 8601->8603 8604 401b10 GetLastError 8602->8604 8605 401b21 ??3@YAXPAX 8602->8605 8603->8547 8604->8599 8605->8590 8801 40bf1c 8607->8801 8611 40f896 8610->8611 8612 40f7c8 8610->8612 8613 40f7e5 8611->8613 8614 40f89b 8611->8614 8612->8613 8615 40f862 8612->8615 8616 40f7d7 8612->8616 8628 40f80b 8613->8628 8714 40f50e 8613->8714 8617 40f850 8614->8617 8620 40f8a5 8614->8620 8626 40f7f7 8614->8626 8615->8628 8688 412859 8615->8688 8616->8617 8618 40f7dc 8616->8618 8710 40c1b0 8617->8710 8627 40f7e2 8618->8627 8631 40f810 8618->8631 8620->8617 8620->8631 8625 40f878 8691 40c169 8625->8691 8626->8628 8702 40c1d5 8626->8702 8627->8613 8627->8626 8697 40c12a 8628->8697 8629 40c125 VariantClear 8634 401886 8629->8634 8631->8628 8706 40c1f5 8631->8706 8634->8547 8634->8548 8637 4013b3 8636->8637 8638 40119e 2 API calls 8637->8638 8639 4013be 8638->8639 8639->8556 8641 40136a 2 API calls 8640->8641 8642 40158b 8641->8642 8729 401455 8642->8729 8644 401596 8644->8560 8646 4033d0 8645->8646 8647 401a1f 8645->8647 8648 4033e1 8646->8648 8649 4033d4 SetLastError 8646->8649 8647->8584 8647->8585 8647->8586 8648->8647 8650 4033ea 8648->8650 8652 4033f8 FindFirstFileW 8648->8652 8649->8647 8732 403386 8650->8732 8652->8650 8653 40340b FindClose CompareFileTime 8652->8653 8653->8647 8653->8650 
8655 40c0e1 8654->8655 8656 40c102 VariantClear 8655->8656 8657 40c119 8655->8657 8656->8551 8657->8551 8659 40279d 2 API calls 8658->8659 8660 40373e 8659->8660 8661 40119e 2 API calls 8660->8661 8663 40374e 8660->8663 8661->8663 8664 40379c GetSystemTimeAsFileTime GetFileAttributesW 8663->8664 8667 403840 8663->8667 8770 401ba1 CreateDirectoryW 8663->8770 8665 4037b1 8664->8665 8666 4037bb 8664->8666 8668 4033b3 22 API calls 8665->8668 8669 401ba1 4 API calls 8666->8669 8673 4037c1 ??3@YAXPAX 8666->8673 8670 403870 8667->8670 8667->8673 8668->8666 8680 4037ce 8669->8680 8672 408dd2 57 API calls 8670->8672 8671 4037d3 8776 408dd2 8671->8776 8677 40387a ??3@YAXPAX 8672->8677 8679 403885 8673->8679 8675 403834 ??3@YAXPAX 8675->8679 8676 4037e6 memcpy 8676->8680 8677->8679 8679->8570 8680->8671 8680->8675 8680->8676 8681 401ba1 4 API calls 8680->8681 8681->8680 8798 40c002 8682->8798 8686 40119e 2 API calls 8685->8686 8687 401384 8686->8687 8687->8593 8689 40136a 2 API calls 8688->8689 8690 412866 8689->8690 8690->8625 8718 40c153 8691->8718 8694 40c1a9 ??3@YAXPAX 8694->8628 8695 40c18e 8695->8694 8696 40c193 _CxxThrowException 8695->8696 8696->8694 8698 40c0e1 VariantClear 8697->8698 8699 40c136 8698->8699 8700 40c13a memcpy 8699->8700 8701 40c14f 8699->8701 8700->8701 8701->8629 8703 40c1e3 8702->8703 8704 40c1de 8702->8704 8703->8628 8705 40c153 VariantClear 8704->8705 8705->8703 8707 40c203 8706->8707 8708 40c1fe 8706->8708 8707->8628 8709 40c153 VariantClear 8708->8709 8709->8707 8711 40c1be 8710->8711 8712 40c1b9 8710->8712 8711->8628 8713 40c153 VariantClear 8712->8713 8713->8711 8715 40f520 8714->8715 8716 40f53c 8715->8716 8725 40c21c 8715->8725 8716->8628 8721 40c0e1 8718->8721 8720 40c15b SysAllocString 8720->8694 8720->8695 8724 40c0e9 8721->8724 8722 40c102 VariantClear 8722->8720 8723 40c119 8723->8720 8724->8722 8724->8723 8726 40c225 8725->8726 8727 40c22a 8725->8727 8728 40c153 VariantClear 8726->8728 8727->8716 8728->8727 8730 40140b 2 API calls 
8729->8730 8731 401465 8730->8731 8731->8644 8738 40301f 8732->8738 8734 40338f 8735 4033b0 8734->8735 8736 403394 GetLastError 8734->8736 8735->8647 8737 40339f 8736->8737 8737->8647 8739 403028 8738->8739 8740 40302c GetFileAttributesW 8738->8740 8739->8734 8741 403042 8740->8741 8742 40303d 8740->8742 8743 403060 8741->8743 8744 403046 SetFileAttributesW 8741->8744 8742->8734 8749 402f12 8743->8749 8745 403053 DeleteFileW 8744->8745 8746 40305c 8744->8746 8745->8734 8746->8734 8750 40279d ??2@YAPAXI ??3@YAXPAX 8749->8750 8751 402f29 8750->8751 8752 4027ee ??2@YAPAXI ??3@YAXPAX 8751->8752 8753 402f36 FindFirstFileW 8752->8753 8754 402fee SetFileAttributesW 8753->8754 8767 402f58 8753->8767 8756 403011 ??3@YAXPAX 8754->8756 8757 402ff9 RemoveDirectoryW 8754->8757 8755 40139c ??2@YAPAXI ??3@YAXPAX 8755->8767 8759 403019 8756->8759 8757->8756 8758 403006 ??3@YAXPAX 8757->8758 8758->8759 8759->8734 8760 401552 ??2@YAPAXI ??3@YAXPAX 8760->8767 8761 4027ee ??2@YAPAXI ??3@YAXPAX 8761->8767 8762 402f88 lstrcmpW 8764 402fd1 FindNextFileW 8762->8764 8765 402f9e lstrcmpW 8762->8765 8763 402fbd SetFileAttributesW 8763->8756 8766 402fc6 DeleteFileW 8763->8766 8764->8767 8768 402fe7 FindClose 8764->8768 8765->8764 8765->8767 8766->8767 8767->8755 8767->8756 8767->8760 8767->8761 8767->8762 8767->8763 8767->8764 8769 402f12 ??2@YAPAXI ??3@YAXPAX 8767->8769 8768->8754 8769->8767 8771 401be2 8770->8771 8772 401bb2 GetLastError 8770->8772 8771->8663 8773 401bcc GetFileAttributesW 8772->8773 8775 401bc1 8772->8775 8773->8771 8773->8775 8774 401bc2 SetLastError 8774->8663 8775->8771 8775->8774 8777 4021b3 19 API calls 8776->8777 8778 408de6 wvsprintfW 8777->8778 8779 408eb5 8778->8779 8780 408e07 GetLastError FormatMessageW 8778->8780 8783 408cee 27 API calls 8779->8783 8781 408e35 FormatMessageW 8780->8781 8782 408e4a lstrlenW lstrlenW ??2@YAPAXI lstrcpyW lstrcpyW 8780->8782 8781->8779 8781->8782 8787 408cee 8782->8787 8785 408ec1 8783->8785 8785->8673 8788 408d63 ??3@YAXPAX 
LocalFree 8787->8788 8789 408cfd 8787->8789 8788->8785 8790 407cb6 4 API calls 8789->8790 8791 408d0c IsWindow 8790->8791 8792 408d35 8791->8792 8793 408d23 IsBadReadPtr 8791->8793 8794 407d17 22 API calls 8792->8794 8793->8792 8795 408d5b 8794->8795 8797 407a8a ??3@YAXPAX 8795->8797 8797->8788 8799 40bfe5 2 API calls 8798->8799 8800 401a72 8799->8800 8800->8590 8800->8591 8802 40be4b FindCloseChangeNotification 8801->8802 8803 40bf27 8802->8803 8804 40bf50 8803->8804 8805 40bf2b CreateFileW 8803->8805 8804->8533 8805->8804 8806 409f10 8809 402788 8806->8809 8810 4026fb 47 API calls 8809->8810 8811 402791 8810->8811 8812 402796 8811->8812 8813 402797 malloc 8811->8813 8829 40e827 _EH_prolog 8841 40e85a 8829->8841 8830 40e987 8864 4011fd 8830->8864 8832 40e640 _CxxThrowException ??2@YAPAXI memcpy ??3@YAXPAX 8832->8841 8833 40e9b1 8836 40e9be ??2@YAPAXI 8833->8836 8834 40e99c 8915 40e585 8834->8915 8856 40e9d8 8836->8856 8837 40e7fd 15 API calls 8837->8841 8838 40c419 10 API calls ctype 8838->8841 8841->8830 8841->8832 8841->8837 8841->8838 8862 40e87c 8841->8862 8908 40e717 8841->8908 8912 40e563 8841->8912 8842 40ea22 8918 40e690 8842->8918 8843 40ea85 ??2@YAPAXI 8843->8856 8845 40e690 10 API calls 8845->8856 8849 40e585 ctype 10 API calls 8849->8856 8851 40eb02 8852 40e690 10 API calls 8851->8852 8853 40eb27 8852->8853 8854 40e585 ctype 10 API calls 8853->8854 8854->8862 8856->8842 8856->8843 8856->8845 8856->8849 8856->8851 8857 40ebc5 8856->8857 8856->8862 8874 40f112 8856->8874 8878 40e008 8856->8878 8921 40ed7f ??2@YAPAXI 8856->8921 8923 40f0bf 8856->8923 8859 40e690 10 API calls 8857->8859 8860 40ebe4 8859->8860 8861 40e585 ctype 10 API calls 8860->8861 8861->8862 8865 401261 SendMessageW 8864->8865 8866 40120b GetDiskFreeSpaceExW 8864->8866 8867 401249 8865->8867 8866->8865 8868 401223 8866->8868 8867->8833 8867->8834 8868->8865 8869 4021b3 19 API calls 8868->8869 8870 40123c 8869->8870 8871 408d65 27 API calls 8870->8871 8872 401242 8871->8872 8872->8867 
8873 40125a 8872->8873 8873->8865 8875 40f13b 8874->8875 8927 40ef75 8875->8927 8931 40ffea 8878->8931 8881 40e025 8881->8856 8883 40e071 ??2@YAPAXI 8892 40e059 8883->8892 8884 40e139 8949 40dcfd 8884->8949 8886 40e095 ??2@YAPAXI 8886->8892 8892->8883 8892->8884 8892->8886 8982 40db28 ??2@YAPAXI 8892->8982 8909 40e726 8908->8909 8911 40e72c 8908->8911 8909->8841 8910 40e742 _CxxThrowException 8910->8909 8911->8909 8911->8910 8913 40c39f 4 API calls 8912->8913 8914 40e56b 8913->8914 8914->8841 8916 40c397 ctype 10 API calls 8915->8916 8917 40e593 8916->8917 8919 40db12 ctype 10 API calls 8918->8919 8920 40e69b 8919->8920 8922 40edb1 8921->8922 8922->8856 8924 40f0c4 8923->8924 8925 40f0eb 8924->8925 8926 40ee54 112 API calls 8924->8926 8925->8856 8926->8924 8930 40ef7a 8927->8930 8928 40efb0 8928->8856 8929 40ee54 112 API calls 8929->8930 8930->8928 8930->8929 8932 410003 8931->8932 8947 40e021 8931->8947 8932->8947 9015 40fdcb 8932->9015 8934 4101dd 8936 40c419 ctype 10 API calls 8934->8936 8935 40fdcb 14 API calls 8938 41009f 8935->8938 8936->8947 8938->8934 8939 4100cf 8938->8939 9022 40c419 8939->9022 8941 410155 8943 40c419 ctype 10 API calls 8941->8943 8942 4100d8 8942->8941 8944 40d7b5 _CxxThrowException ??2@YAPAXI memcpy ??3@YAXPAX 8942->8944 8945 410191 8943->8945 8944->8942 8946 40c419 ctype 10 API calls 8945->8946 8946->8947 8947->8881 8948 406edf InitializeCriticalSection 8947->8948 8948->8892 9101 40d794 8949->9101 8983 40db37 8982->8983 9127 40d7b5 8983->9127 9016 40c397 ctype 10 API calls 9015->9016 9017 40fdd7 9016->9017 9026 40c2ce 9017->9026 9019 40fdf3 9019->8934 9019->8935 9020 40fde1 9020->9019 9021 40e563 4 API calls 9020->9021 9021->9020 9023 40c3f8 9022->9023 9034 40c2ba 9023->9034 9027 40c362 9026->9027 9028 40c2e1 9026->9028 9027->9020 9029 40c2f0 _CxxThrowException 9028->9029 9030 40c320 ??2@YAPAXI 9028->9030 9031 40c352 ??3@YAXPAX 9028->9031 9029->9028 9030->9028 9032 40c336 memcpy 9030->9032 9031->9027 9032->9031 9038 401d26 VirtualFree 
9034->9038 9040 409f20 9034->9040 9043 40df18 9034->9043 9050 40b7f0 9034->9050 9035 40c2cb ??3@YAXPAX 9035->8942 9038->9035 9041 401d3f free 9040->9041 9042 409f2a 9041->9042 9042->9035 9044 40df2d 9043->9044 9045 40df5b 9044->9045 9054 40dcb6 9044->9054 9067 40c3c7 9045->9067 9051 40b816 9050->9051 9052 401d3f free 9051->9052 9053 40b83c 9052->9053 9053->9035 9071 40d765 9054->9071 9057 40c419 ctype 10 API calls 9058 40dccf 9057->9058 9059 40c419 ctype 10 API calls 9058->9059 9060 40dcda 9059->9060 9061 40db12 ctype 10 API calls 9060->9061 9062 40dce5 9061->9062 9063 40db12 ctype 10 API calls 9062->9063 9064 40dced 9063->9064 9079 40dc88 9064->9079 9068 40c3db 9067->9068 9069 40c3ef 9068->9069 9100 40c368 memmove 9068->9100 9069->9035 9072 40d774 9071->9072 9073 40d77a 9071->9073 9088 406e83 SetEvent 9072->9088 9075 40d790 9073->9075 9091 406e27 WaitForSingleObject 9073->9091 9075->9057 9077 40d78a 9092 406dfd 9077->9092 9080 40d765 5 API calls 9079->9080 9081 40dc96 9080->9081 9082 406dfd 2 API calls 9081->9082 9083 40dc9f 9082->9083 9084 406dfd 2 API calls 9083->9084 9085 40dca8 9084->9085 9086 406dfd 2 API calls 9085->9086 9087 40dcb1 9086->9087 9096 406de7 9088->9096 9090 406e95 9090->9073 9091->9077 9093 406e1d 9092->9093 9094 406e08 CloseHandle 9092->9094 9093->9075 9094->9093 9095 406e13 GetLastError 9094->9095 9095->9093 9097 406df1 GetLastError 9096->9097 9098 406dee 9096->9098 9099 406dfb 9097->9099 9098->9090 9099->9090 9100->9069 9102 40c397 ctype 10 API calls 9101->9102 9103 40d79c 9102->9103 9104 40c397 ctype 10 API calls 9103->9104 9105 40d7a4 9104->9105 9106 40c397 ctype 10 API calls 9105->9106 9107 40d7ac 9106->9107 9130 40c39f 9127->9130 9131 40c3c6 9130->9131 9132 40c3a7 9130->9132 9131->8892 9133 40c2ce 4 API calls 9132->9133 9133->9131 9259 412dcf __set_app_type __p__fmode __p__commode 9260 412e3e 9259->9260 9261 412e52 9260->9261 9262 412e46 __setusermatherr 9260->9262 9271 412f46 _controlfp 9261->9271 9262->9261 9264 412e57 _initterm 
__getmainargs _initterm 9265 412eab GetStartupInfoA 9264->9265 9267 412edf GetModuleHandleA 9265->9267 9272 406da1 _EH_prolog 9267->9272 9271->9264 9275 405750 ?_set_new_handler@@YAP6AHI@ZP6AHI@Z 9272->9275 9632 401d4d GetModuleHandleW CreateWindowExW 9275->9632 9278 406d80 MessageBoxA 9280 406d97 exit _XcptFilter 9278->9280 9279 40578e 9279->9278 9281 4057a8 9279->9281 9282 401484 2 API calls 9281->9282 9283 4057df 9282->9283 9284 401484 2 API calls 9283->9284 9285 4057ea 9284->9285 9635 4044f2 9285->9635 9290 4027ee 2 API calls 9291 405828 9290->9291 9644 402e02 9291->9644 9293 405831 9658 404424 9293->9658 9297 405850 _wtol 9299 405866 9297->9299 9663 404932 #17 9299->9663 9300 404424 3 API calls 9301 405896 9300->9301 9302 4058d0 9301->9302 9303 40589c 9301->9303 9305 404424 3 API calls 9302->9305 9824 404ec8 9303->9824 9306 4058db 9305->9306 9307 4058e1 9306->9307 9308 4058ec 9306->9308 9846 4052d6 9307->9846 9311 404424 3 API calls 9308->9311 9309 4058a3 ??3@YAXPAX 9841 40453f 9309->9841 9317 4058fb 9311->9317 9313 4058b4 ??3@YAXPAX ??3@YAXPAX 9313->9280 9314 405930 GetModuleFileNameW 9315 405942 9314->9315 9316 405954 9314->9316 9319 408dd2 57 API calls 9315->9319 9320 404424 3 API calls 9316->9320 9317->9314 9318 40119e 2 API calls 9317->9318 9318->9314 9357 4058a1 9319->9357 9331 405976 9320->9331 9321 405b12 9322 4013d5 2 API calls 9321->9322 9323 405b22 9322->9323 9324 4013d5 2 API calls 9323->9324 9328 405b2f 9324->9328 9325 405a67 9327 404424 3 API calls 9325->9327 9326 405a34 9326->9325 9330 405a50 _wtol 9326->9330 9326->9357 9339 405ac6 9327->9339 9329 405bb4 9328->9329 9333 40139c 2 API calls 9328->9333 9689 4023cc 9329->9689 9330->9325 9331->9321 9331->9325 9331->9326 9331->9357 9854 401552 9331->9854 9335 405b64 9333->9335 9338 40139c 2 API calls 9335->9338 9337 40139c 2 API calls 9340 405bda ??2@YAPAXI 9337->9340 9344 405b7a 9338->9344 9339->9321 9341 404ac6 2 API calls 9339->9341 9342 405be6 9340->9342 9343 405af7 9341->9343 9692 40bf94 
9342->9692 9343->9321 9345 4013d5 2 API calls 9343->9345 9346 4013d5 2 API calls 9344->9346 9345->9321 9347 405ba4 9346->9347 9349 4021b3 19 API calls 9347->9349 9351 405bab 9349->9351 9354 4027ee 2 API calls 9351->9354 9352 405c13 9355 408dd2 57 API calls 9352->9355 9353 405c39 9695 40284f 9353->9695 9354->9329 9355->9357 9357->9309 9360 405c4e 9361 405c54 9360->9361 9362 405c78 9360->9362 9363 408dd2 57 API calls 9361->9363 9364 405d0a 9362->9364 9366 404424 3 API calls 9362->9366 9365 405c5c ??3@YAXPAX 9363->9365 9367 40c397 ctype 10 API calls 9364->9367 9365->9357 9369 405c8f 9366->9369 9368 405d12 9367->9368 9370 405d37 9368->9370 9883 40342c 9368->9883 9369->9364 9377 405c95 9369->9377 9372 405cee ??3@YAXPAX 9370->9372 9391 405d40 9370->9391 9372->9357 9374 405d2c ??3@YAXPAX 9374->9357 9375 405db1 9729 404b35 9375->9729 9376 405d4c wsprintfW 9379 401484 2 API calls 9376->9379 9377->9372 9857 4054f0 9377->9857 9379->9391 9381 405cc4 9381->9372 9383 405cca 9381->9383 9382 401484 2 API calls 9382->9391 9384 408dd2 57 API calls 9383->9384 9386 405cd2 ??3@YAXPAX 9384->9386 9385 40139c ??2@YAPAXI ??3@YAXPAX 9385->9391 9386->9357 9387 4021b3 19 API calls 9387->9391 9388 406035 9390 404b35 26 API calls 9388->9390 9389 404247 lstrlenW lstrlenW _wcsnicmp 9435 405dba 9389->9435 9392 406044 9390->9392 9391->9375 9391->9376 9391->9382 9391->9385 9391->9387 9912 403305 ??2@YAPAXI 9391->9912 9918 4026c6 ??3@YAXPAX ??3@YAXPAX 9391->9918 9393 4061cc 9392->9393 9944 40247a AllocateAndInitializeSid 9392->9944 9788 4026dc 9393->9788 9399 40627d 9791 404620 9399->9791 9401 406069 9404 401484 2 API calls 9401->9404 9402 40279d 2 API calls 9445 4061e4 9402->9445 9406 406071 9404->9406 9409 401484 2 API calls 9406->9409 9407 406310 CoInitialize 9416 4026dc lstrcmpW 9407->9416 9408 4062a4 9411 4026dc lstrcmpW 9408->9411 9412 406079 GetCommandLineW 9409->9412 9415 4062b3 9411->9415 9417 404ac6 2 API calls 9412->9417 9413 40627f ??3@YAXPAX 9413->9399 9414 401484 ??2@YAPAXI ??3@YAXPAX 
9414->9445 9418 4062c3 9415->9418 9421 4021b3 19 API calls 9415->9421 9419 406336 9416->9419 9420 406089 9417->9420 9981 4041d7 9418->9981 9422 40634a 9419->9422 9425 40139c 2 API calls 9419->9425 9423 40279d 2 API calls 9420->9423 9421->9418 9427 4041f0 16 API calls 9422->9427 9426 406094 9423->9426 9425->9422 9947 4048d8 9426->9947 9431 406350 9427->9431 9429 4013d5 2 API calls 9429->9445 9433 4026dc lstrcmpW 9431->9433 9432 407d17 22 API calls 9434 4062e6 9432->9434 9437 40635f 9433->9437 9984 407a8a ??3@YAXPAX 9434->9984 9435->9388 9435->9389 9460 405f99 _wtol 9435->9460 9489 406179 ??3@YAXPAX 9435->9489 9919 404d7f 9435->9919 9930 404677 9435->9930 9442 406373 9437->9442 9443 406366 _wtol 9437->9443 9439 40139c 2 API calls 9439->9445 9447 406399 9442->9447 9985 408f94 9442->9985 9443->9442 9444 4062f1 ??3@YAXPAX 9444->9357 9445->9399 9445->9402 9445->9413 9445->9414 9445->9429 9445->9439 9448 403305 7 API calls 9445->9448 9980 4026c6 ??3@YAXPAX ??3@YAXPAX 9445->9980 9446 4048f6 2 API calls 9449 4060cc 9446->9449 9452 406384 ??3@YAXPAX 9447->9452 9475 4063ad 9447->9475 10001 408ec7 9447->10001 9448->9445 9957 404914 9449->9957 9452->9447 9456 40625a ??3@YAXPAX 9458 4026dc lstrcmpW 9456->9458 9457 40157d 2 API calls 9459 4060e6 9457->9459 9458->9445 9461 4013d5 2 API calls 9459->9461 9460->9435 9464 4060f2 7 API calls 9461->9464 9462 401484 2 API calls 9462->9475 9962 404f96 9464->9962 9466 406532 ??3@YAXPAX 9466->9357 9467 4063eb GetKeyState 9467->9475 9468 40613b 9470 406145 ??3@YAXPAX ??3@YAXPAX ??3@YAXPAX ??3@YAXPAX 9468->9470 9471 406196 ??3@YAXPAX ??3@YAXPAX ??3@YAXPAX ??3@YAXPAX 9468->9471 9469 4026dc lstrcmpW 9469->9475 9474 40616c 9470->9474 9471->9309 9473 4061c1 9471->9473 9472 406592 9476 4065c8 9472->9476 9477 40659a 9472->9477 9473->9309 9474->9357 9475->9462 9475->9466 9475->9467 9475->9469 9475->9472 9481 401552 ??2@YAPAXI ??3@YAXPAX 9475->9481 9490 406582 ??3@YAXPAX ??3@YAXPAX 9475->9490 9491 406527 ??3@YAXPAX 9475->9491 9492 40654f 9475->9492 
9493 40139c ??2@YAPAXI ??3@YAXPAX 9475->9493 10028 408474 9475->10028 10041 4084f2 9475->10041 9479 40136a 2 API calls 9476->9479 10049 404571 9477->10049 9483 4065d6 9479->9483 9481->9475 9486 4041f0 16 API calls 9483->9486 9485 4013d5 2 API calls 9487 4065b7 ??3@YAXPAX 9485->9487 9488 4065df 9486->9488 9498 4065ff 9487->9498 9494 4065f0 ??3@YAXPAX 9488->9494 9496 4013d5 2 API calls 9488->9496 9489->9357 9490->9357 9491->9475 9495 408dd2 57 API calls 9492->9495 9493->9475 9494->9498 9497 40655b ??3@YAXPAX ??3@YAXPAX 9495->9497 9496->9494 9497->9357 9499 406649 9498->9499 9500 40663c 9498->9500 10062 408532 9499->10062 9797 401758 ??2@YAPAXI 9500->9797 9503 406645 9504 406686 9503->9504 9505 40665b 9503->9505 9506 404620 22 API calls 9504->9506 10070 4044dc 9505->10070 9507 40668b 9506->9507 9510 406c7c 9507->9510 9511 401484 2 API calls 9507->9511 9513 406cf4 9510->9513 9514 4026dc lstrcmpW 9510->9514 9512 4066a9 9511->9512 9557 4066bc 9512->9557 10074 404a70 9512->10074 9516 406d37 ??3@YAXPAX ??3@YAXPAX 9513->9516 9521 4026dc lstrcmpW 9513->9521 9519 406cad 9514->9519 9517 406d50 9516->9517 9518 406d56 ??3@YAXPAX 9516->9518 9517->9518 9520 40453f 11 API calls 9518->9520 9519->9513 10138 4044c3 9519->10138 9522 406d67 ??3@YAXPAX ??3@YAXPAX 9520->9522 9523 406d13 9521->9523 9522->9280 9523->9516 9528 406d20 9523->9528 9524 401484 ??2@YAPAXI ??3@YAXPAX 9524->9557 9526 4066eb 9529 406b12 ??3@YAXPAX ??3@YAXPAX 9526->9529 9530 4066f8 9526->9530 9533 40136a 2 API calls 9528->9533 9537 406c1b 9529->9537 9535 4048f6 2 API calls 9530->9535 9531 4026dc lstrcmpW 9531->9557 9532 407d17 22 API calls 9536 406ce9 9532->9536 9534 406d2f 9533->9534 10142 405333 9534->10142 9540 406714 9535->9540 10141 407a8a ??3@YAXPAX 9536->10141 9538 406c73 ??3@YAXPAX 9537->9538 9543 404620 22 API calls 9537->9543 9538->9510 9545 4048f6 2 API calls 9540->9545 9541 406758 9546 40139c 2 API calls 9541->9546 9547 406c2a 9543->9547 9548 406721 9545->9548 9549 406761 9546->9549 9814 404ddd 9547->9814 
9551 4013d5 2 API calls 9548->9551 9553 404224 20 API calls 9549->9553 9556 40672d ??3@YAXPAX ??3@YAXPAX GetFileAttributesW 9551->9556 9552 406b78 ??3@YAXPAX ??3@YAXPAX 9552->9537 9569 40676a 9553->9569 9554 40139c 2 API calls 9554->9557 9555 406c43 SetCurrentDirectoryW 9558 404ddd 4 API calls 9555->9558 9559 406754 9556->9559 9560 406b29 9556->9560 9557->9524 9557->9526 9557->9531 9557->9541 9557->9552 9557->9554 9561 401552 2 API calls 9557->9561 9562 406c6b 9558->9562 9559->9541 9563 4044dc 16 API calls 9560->9563 9564 4067f8 ??3@YAXPAX ??3@YAXPAX 9561->9564 9565 4044dc 16 API calls 9562->9565 9566 406b2e 9563->9566 9564->9557 9565->9538 9567 408dd2 57 API calls 9566->9567 9568 406b37 ??3@YAXPAX ??3@YAXPAX ??3@YAXPAX ??3@YAXPAX ??3@YAXPAX 9567->9568 9568->9357 9568->9474 9570 406897 _wtol 9569->9570 9571 404281 lstrlenW lstrlenW _wcsnicmp 9569->9571 9572 40695b 9569->9572 9570->9569 9571->9569 9573 406964 9572->9573 9574 4069b6 9572->9574 9575 406989 9573->9575 9576 40696a 9573->9576 9577 4013d5 2 API calls 9574->9577 9578 40139c 2 API calls 9575->9578 9579 40139c 2 API calls 9576->9579 9580 4069b4 9577->9580 9582 406987 9578->9582 9581 406975 9579->9581 9583 4027ee 2 API calls 9580->9583 9584 4027ee 2 API calls 9581->9584 9586 4026dc lstrcmpW 9582->9586 9585 4069c8 9583->9585 9588 40697e 9584->9588 9587 401484 2 API calls 9585->9587 9589 40699e 9586->9589 9590 4069d0 9587->9590 9591 4027ee 2 API calls 9588->9591 9589->9585 9593 4027ee 2 API calls 9589->9593 9592 404ac6 2 API calls 9590->9592 9591->9582 9594 4069dd 9592->9594 9593->9580 9595 40279d 2 API calls 9594->9595 9596 4069e8 9595->9596 9597 404224 20 API calls 9596->9597 9598 4069f1 9597->9598 9599 406acc 9598->9599 10083 402449 9598->10083 9600 406bfa ??3@YAXPAX ??3@YAXPAX ??3@YAXPAX ??3@YAXPAX 9599->9600 9602 406ae0 ??3@YAXPAX ??3@YAXPAX ??3@YAXPAX ??3@YAXPAX 9599->9602 9600->9537 9602->9529 9603 406a06 9603->9599 9604 406a2c 9603->9604 9606 4027ee 2 API calls 9603->9606 9605 404224 20 API calls 
9604->9605 9608 406a38 9605->9608 9607 406a20 9606->9607 9607->9604 9609 406aae 9608->9609 9610 406a3f 9608->9610 10090 40506d 9609->10090 9612 4048d8 2 API calls 9610->9612 9614 406a57 9612->9614 9613 406abc 9615 406b97 SetLastError 9613->9615 9616 406ac7 9613->9616 9617 4048f6 2 API calls 9614->9617 9619 406b9e 9615->9619 10135 4023e1 9616->10135 9620 406a67 9617->9620 9621 408dd2 57 API calls 9619->9621 9622 40157d 2 API calls 9620->9622 9623 406ba8 9621->9623 9624 406a74 ??3@YAXPAX ??3@YAXPAX 9622->9624 9625 4044dc 16 API calls 9623->9625 9626 404f96 9 API calls 9624->9626 9627 406bad 7 API calls 9625->9627 9628 406a98 9626->9628 9629 406bed 9627->9629 9630 406aa6 ??3@YAXPAX 9628->9630 9631 406b8f ??3@YAXPAX 9628->9631 9629->9600 9630->9616 9631->9619 9633 401d82 SetTimer GetMessageW DispatchMessageW KillTimer KiUserCallbackDispatcher 9632->9633 9634 401db5 GetVersionExW 9632->9634 9633->9634 9634->9278 9634->9279 9636 40119e 2 API calls 9635->9636 9637 404507 GetCommandLineW 9636->9637 9638 404ac6 9637->9638 9639 404b00 9638->9639 9640 404ad4 9638->9640 9641 404af8 9639->9641 9643 401552 2 API calls 9639->9643 9640->9641 9642 401552 2 API calls 9640->9642 9641->9290 9642->9640 9643->9639 9645 401484 2 API calls 9644->9645 9653 402e12 9645->9653 9646 402ef8 9647 4013d5 2 API calls 9646->9647 9648 402f05 ??3@YAXPAX 9647->9648 9648->9293 9649 401552 ??2@YAPAXI ??3@YAXPAX 9649->9653 9651 401484 2 API calls 9651->9653 9653->9646 9653->9649 9653->9651 9654 4013d5 2 API calls 9653->9654 10181 402867 9653->10181 10184 402b04 9653->10184 9655 402e72 ??3@YAXPAX 9654->9655 9656 401455 2 API calls 9655->9656 9657 402e87 ??3@YAXPAX ??3@YAXPAX 9656->9657 9657->9653 9659 404433 9658->9659 9660 404470 9659->9660 9661 40444d lstrlenW lstrlenW 9659->9661 9660->9297 9660->9299 10195 401ca0 9661->10195 9664 404949 9663->9664 9665 40215d 3 API calls 9664->9665 9666 40494e 9665->9666 9667 4021b3 19 API calls 9666->9667 9668 404955 9667->9668 9669 4021b3 19 API calls 9668->9669 9670 
404961 9669->9670 9671 4021b3 19 API calls 9670->9671 9672 40496d 9671->9672 9673 4021b3 19 API calls 9672->9673 9674 404979 9673->9674 9675 4021b3 19 API calls 9674->9675 9676 404985 9675->9676 9677 4021b3 19 API calls 9676->9677 9678 404991 9677->9678 9679 4021b3 19 API calls 9678->9679 9685 40499d 9679->9685 9680 4049b8 SHGetSpecialFolderPathW 9681 4049d2 wsprintfW 9680->9681 9680->9685 9682 401484 2 API calls 9681->9682 9682->9685 9683 404a6b 9683->9300 9684 401484 2 API calls 9684->9685 9685->9680 9685->9683 9685->9684 9686 40139c ??2@YAPAXI ??3@YAXPAX 9685->9686 9688 403305 7 API calls 9685->9688 10205 4026c6 ??3@YAXPAX ??3@YAXPAX 9685->10205 9686->9685 9688->9685 10206 40239b LoadLibraryA GetProcAddress 9689->10206 9691 4023d1 9691->9337 10209 40bf72 9692->10209 9696 40253b 2 API calls 9695->9696 9697 402863 9696->9697 9698 403cbf 9697->9698 9699 40239b 3 API calls 9698->9699 9700 403ccd 9699->9700 9701 40284f 2 API calls 9700->9701 9702 403d06 9701->9702 9703 40284f 2 API calls 9702->9703 9704 403d0e 9703->9704 9705 40284f 2 API calls 9704->9705 9706 403d16 9705->9706 10215 403bce 9706->10215 9712 403dac 9713 403bce 7 API calls 9712->9713 9715 403dc2 9713->9715 9714 403bce 7 API calls 9719 403d53 9714->9719 9717 402c1a 10 API calls 9715->9717 9716 402c1a 10 API calls 9716->9719 9718 403dd4 9717->9718 10258 4029b5 9718->10258 9719->9712 9719->9714 9719->9716 9722 4029b5 2 API calls 9719->9722 10261 40297f 9719->10261 9722->9719 9723 403e4a ??3@YAXPAX ??3@YAXPAX ??3@YAXPAX 9723->9360 9724 403bce 7 API calls 9726 403dea 9724->9726 9725 402c1a 10 API calls 9725->9726 9726->9723 9726->9724 9726->9725 9727 40297f 2 API calls 9726->9727 9728 4029b5 2 API calls 9726->9728 9727->9726 9728->9726 9730 4026dc lstrcmpW 9729->9730 9731 404b4e 9730->9731 9732 404b9e 9731->9732 9734 40139c 2 API calls 9731->9734 9733 4026dc lstrcmpW 9732->9733 9736 404bbc 9733->9736 9735 404b65 9734->9735 9737 4021b3 19 API calls 9735->9737 9738 4026dc lstrcmpW 9736->9738 9739 404b6c 
APIs
• ?_set_new_handler@@YAP6AHI@ZP6AHI@Z@Z.MSVCRT ref: 00405763
  • Part of subcall function 00401D4D: GetModuleHandleW.KERNEL32(00000000,00000000,?,?,?,?,?,?,0040576F,?,00000000), ref: 00401D59
  • Part of subcall function 00401D4D: CreateWindowExW.USER32(00000000,Static,004144C8,00000000,000000F6,000000F6,00000005,00000005,00000000,00000000,00000000), ref: 00401D76
  • Part of subcall function 00401D4D: SetTimer.USER32(00000000,00000001,00000001,00000000), ref: 00401D88
  • Part of subcall function 00401D4D: GetMessageW.USER32(?,00000000,00000000,00000000), ref: 00401D95
  • Part of subcall function 00401D4D: DispatchMessageW.USER32(?), ref: 00401D9F
  • Part of subcall function 00401D4D: KillTimer.USER32(00000000,00000001,?,?,?,?,?,?,0040576F,?,00000000), ref: 00401DA8
  • Part of subcall function 00401D4D: KiUserCallbackDispatcher.NTDLL(00000000,?,?,?,?,?,?,0040576F,?,00000000), ref: 00401DAF
• GetVersionExW.KERNEL32(?,?,00000000), ref: 00405780
• GetCommandLineW.KERNEL32(?,00000020,?,00000000), ref: 00405811
  • Part of subcall function 00402E02: ??3@YAXPAX@Z.MSVCRT ref: 00402E75
  • Part of subcall function 00402E02: ??3@YAXPAX@Z.MSVCRT ref: 00402E90
  • Part of subcall function 00402E02: ??3@YAXPAX@Z.MSVCRT ref: 00402E98
  • Part of subcall function 00402E02: ??3@YAXPAX@Z.MSVCRT ref: 00402F08
  • Part of subcall function 00404424: lstrlenW.KERNEL32(00405844,00000000,00000020,-00000002,00405844,-00000002,00000000,00000000,00000000), ref: 00404458
  • Part of subcall function 00404424: lstrlenW.KERNEL32(?), ref: 00404460
• _wtol.MSVCRT(-00000002,00000000,00000000), ref: 00405854
• ??3@YAXPAX@Z.MSVCRT ref: 004058A6
• ??3@YAXPAX@Z.MSVCRT ref: 004058BA
• ??3@YAXPAX@Z.MSVCRT ref: 004058C2
• GetModuleFileNameW.KERNEL32(00000000,00000208,00000000,00000000), ref: 00405938
• _wtol.MSVCRT(-00000002), ref: 00405A54
• ??2@YAPAXI@Z.MSVCRT ref: 00405BDC
• ??3@YAXPAX@Z.MSVCRT ref: 00405C5F
• ??3@YAXPAX@Z.MSVCRT ref: 00405CD5
• ??3@YAXPAX@Z.MSVCRT ref: 00405CF1
• ??3@YAXPAX@Z.MSVCRT ref: 00405D2F
• wsprintfW.USER32 ref: 00405D59
  • Part of subcall function 00403305: ??2@YAPAXI@Z.MSVCRT ref: 0040330A
  • Part of subcall function 004026C6: ??3@YAXPAX@Z.MSVCRT ref: 004026CC
  • Part of subcall function 004026C6: ??3@YAXPAX@Z.MSVCRT ref: 004026D3
• GetCommandLineW.KERNEL32(?,?,00000000,0000000A), ref: 0040607D
  • Part of subcall function 00404247: lstrlenW.KERNEL32(|g@,00000000,?,00000000,0040428E,00000000,00000000,0040677C,?,waitall,00000000,00000000,?,?,004187D0), ref: 00404254
  • Part of subcall function 00404247: lstrlenW.KERNEL32(?,?,?,004187D0), ref: 0040425D
  • Part of subcall function 00404247: _wcsnicmp.MSVCRT ref: 00404269
• _wtol.MSVCRT(00000002,?,00000000,0000000A), ref: 00405F9A
• ??3@YAXPAX@Z.MSVCRT ref: 004060F5
• ??3@YAXPAX@Z.MSVCRT ref: 004060FD
• ??3@YAXPAX@Z.MSVCRT ref: 00406105
• ??3@YAXPAX@Z.MSVCRT ref: 0040610D
• ??3@YAXPAX@Z.MSVCRT ref: 00406115
• GetCurrentProcess.KERNEL32(000000FF,000000FF,?,?,?,?,00000000), ref: 00406121
• SetProcessWorkingSetSize.KERNEL32(00000000), ref: 00406128
• ??3@YAXPAX@Z.MSVCRT ref: 00406145
• ??3@YAXPAX@Z.MSVCRT ref: 0040614D
• ??3@YAXPAX@Z.MSVCRT ref: 00406155
• ??3@YAXPAX@Z.MSVCRT ref: 0040615D
• ??3@YAXPAX@Z.MSVCRT ref: 0040617C
• ??3@YAXPAX@Z.MSVCRT ref: 00406196
• ??3@YAXPAX@Z.MSVCRT ref: 0040619E
• ??3@YAXPAX@Z.MSVCRT ref: 004061A6
• ??3@YAXPAX@Z.MSVCRT ref: 004061AE
                                                                                                                                                                                    • ??3@YAXPAX@Z.MSVCRT ref: 0040625D
                                                                                                                                                                                    • ??3@YAXPAX@Z.MSVCRT ref: 004062F4
                                                                                                                                                                                    • CoInitialize.OLE32(00000000), ref: 00406321
                                                                                                                                                                                    • _wtol.MSVCRT(00000000), ref: 00406367
                                                                                                                                                                                    • ??3@YAXPAX@Z.MSVCRT ref: 00406389
                                                                                                                                                                                    • GetKeyState.USER32(00000010), ref: 004063ED
                                                                                                                                                                                    • ??3@YAXPAX@Z.MSVCRT ref: 00406527
                                                                                                                                                                                    • ??3@YAXPAX@Z.MSVCRT ref: 00406535
                                                                                                                                                                                    • ??3@YAXPAX@Z.MSVCRT ref: 0040655E
                                                                                                                                                                                    • ??3@YAXPAX@Z.MSVCRT ref: 00406566
                                                                                                                                                                                    • ??3@YAXPAX@Z.MSVCRT ref: 00406582
                                                                                                                                                                                    • ??3@YAXPAX@Z.MSVCRT ref: 0040658A
                                                                                                                                                                                    • ??3@YAXPAX@Z.MSVCRT ref: 004065BA
                                                                                                                                                                                    • ??3@YAXPAX@Z.MSVCRT ref: 004065FA
                                                                                                                                                                                    • ??3@YAXPAX@Z.MSVCRT ref: 00406663
                                                                                                                                                                                    • ??3@YAXPAX@Z.MSVCRT ref: 0040666B
                                                                                                                                                                                    • ??3@YAXPAX@Z.MSVCRT ref: 00406730
                                                                                                                                                                                    • ??3@YAXPAX@Z.MSVCRT ref: 0040673B
                                                                                                                                                                                    • GetFileAttributesW.KERNEL32(?,00000000,?,?,?,?,00000000,AutoInstall,?,?,004187D0), ref: 00406745
                                                                                                                                                                                    • ??3@YAXPAX@Z.MSVCRT ref: 004067FF
                                                                                                                                                                                    • ??3@YAXPAX@Z.MSVCRT ref: 00406807
                                                                                                                                                                                    • _wtol.MSVCRT(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 0040689B
                                                                                                                                                                                    • ??3@YAXPAX@Z.MSVCRT ref: 00406A7A
                                                                                                                                                                                    • ??3@YAXPAX@Z.MSVCRT ref: 00406A82
                                                                                                                                                                                      • Part of subcall function 00404F96: memset.MSVCRT ref: 00404FBA
                                                                                                                                                                                      • Part of subcall function 00404F96: ??3@YAXPAX@Z.MSVCRT ref: 00405013
                                                                                                                                                                                      • Part of subcall function 00404F96: ??3@YAXPAX@Z.MSVCRT ref: 0040501B
                                                                                                                                                                                    • ??3@YAXPAX@Z.MSVCRT ref: 00406AA6
                                                                                                                                                                                      • Part of subcall function 004023E1: LoadLibraryA.KERNEL32(kernel32,Wow64RevertWow64FsRedirection,00406ACC,00000000,?,?), ref: 004023F4
                                                                                                                                                                                      • Part of subcall function 004023E1: GetProcAddress.KERNEL32(00000000), ref: 004023FB
                                                                                                                                                                                    • ??3@YAXPAX@Z.MSVCRT ref: 00406AEF
                                                                                                                                                                                    • ??3@YAXPAX@Z.MSVCRT ref: 00406AF7
                                                                                                                                                                                    • ??3@YAXPAX@Z.MSVCRT ref: 00406AFF
                                                                                                                                                                                    • ??3@YAXPAX@Z.MSVCRT ref: 00406B05
                                                                                                                                                                                    • ??3@YAXPAX@Z.MSVCRT ref: 00406B8F
                                                                                                                                                                                    • ??3@YAXPAX@Z.MSVCRT ref: 00406BB0
                                                                                                                                                                                    • ??3@YAXPAX@Z.MSVCRT ref: 00406BB8
                                                                                                                                                                                    • ??3@YAXPAX@Z.MSVCRT ref: 00406BC0
                                                                                                                                                                                    • ??3@YAXPAX@Z.MSVCRT ref: 00406BC6
                                                                                                                                                                                    • ??3@YAXPAX@Z.MSVCRT ref: 00406BCE
                                                                                                                                                                                    • ??3@YAXPAX@Z.MSVCRT ref: 00406BD6
                                                                                                                                                                                    • ??3@YAXPAX@Z.MSVCRT ref: 00406BDE
                                                                                                                                                                                    • ??3@YAXPAX@Z.MSVCRT ref: 00406BFD
                                                                                                                                                                                    • ??3@YAXPAX@Z.MSVCRT ref: 00406C05
                                                                                                                                                                                    • ??3@YAXPAX@Z.MSVCRT ref: 00406C0D
                                                                                                                                                                                    • ??3@YAXPAX@Z.MSVCRT ref: 00406C13
                                                                                                                                                                                    • SetCurrentDirectoryW.KERNELBASE(?,?,?,?,?,?,00000000,?,?), ref: 00406C4C
                                                                                                                                                                                    • ??3@YAXPAX@Z.MSVCRT ref: 00406C76
                                                                                                                                                                                    • ??3@YAXPAX@Z.MSVCRT ref: 00406282
                                                                                                                                                                                      • Part of subcall function 00407D17: ??3@YAXPAX@Z.MSVCRT ref: 00407D77
                                                                                                                                                                                      • Part of subcall function 00407D17: ??3@YAXPAX@Z.MSVCRT ref: 00407D7F
                                                                                                                                                                                      • Part of subcall function 00407A8A: ??3@YAXPAX@Z.MSVCRT ref: 00407A93
                                                                                                                                                                                    • ??3@YAXPAX@Z.MSVCRT ref: 00406D3A
                                                                                                                                                                                    • ??3@YAXPAX@Z.MSVCRT ref: 00406D42
                                                                                                                                                                                    • ??3@YAXPAX@Z.MSVCRT ref: 00406D59
                                                                                                                                                                                    • ??3@YAXPAX@Z.MSVCRT ref: 00406D6D
                                                                                                                                                                                    • ??3@YAXPAX@Z.MSVCRT ref: 00406D75
                                                                                                                                                                                    • MessageBoxA.USER32(00000000,Sorry, this program requires Microsoft Windows 2000 or later.,7-Zip SFX,00000010), ref: 00406D8E
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000000B.00000002.2081555260.0000000000401000.00000020.00000001.01000000.00000013.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081540884.0000000000400000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081574053.0000000000414000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081589581.0000000000418000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081604105.000000000041B000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_400000_Opera_GX_assistant_73.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: ??3@$_wtol$lstrlen$Message$??2@CommandCurrentFileLineModuleProcessTimer$?_set_new_handler@@AddressAttributesCallbackCreateDirectoryDispatchDispatcherHandleInitializeKillLibraryLoadNameProcSizeStateUserVersionWindowWorking_wcsnicmpmemsetwsprintf
                                                                                                                                                                                    • String ID: " -$7-Zip SFX$7ZipSfx.%03x$7zSfxString%d$AutoInstall$BeginPrompt$BeginPromptTimeout$Delete$ExecuteFile$ExecuteParameters$FinishMessage$GUIFlags$GUIMode$HelpText$InstallPath$MiscFlags$OverwriteMode$RunProgram$SelfDelete$SetEnvironment$Shortcut$Sorry, this program requires Microsoft Windows 2000 or later.$amd64$bpt$del$forcenowait$hidcon$i386$nowait$setup.exe$sfxconfig$sfxelevation$sfxversion$sfxwaitall$shc$waitall$x64$x86
                                                                                                                                                                                    • API String ID: 1141480454-1804565692
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000000B.00000002.2081555260.0000000000401000.00000020.00000001.01000000.00000013.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081540884.0000000000400000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081574053.0000000000414000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081589581.0000000000418000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081604105.000000000041B000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_400000_Opera_GX_assistant_73.jbxd
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • GetFileAttributesW.KERNELBASE(?,-00000001), ref: 004033C1
                                                                                                                                                                                    • SetLastError.KERNEL32(00000010), ref: 004033D6
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000000B.00000002.2081555260.0000000000401000.00000020.00000001.01000000.00000013.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081540884.0000000000400000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081574053.0000000000414000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081589581.0000000000418000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081604105.000000000041B000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_400000_Opera_GX_assistant_73.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: AttributesErrorFileLast
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID: 1799206407-0
                                                                                                                                                                                    • Opcode ID: 7f02d877fe96693e79d52cb70461d1cf76c14600a7221cb4648c6da81f4608cf
                                                                                                                                                                                    • Instruction ID: 608ba71f646b69bc36d7accade446189952d3e61ba5e6ec9fefd2cffda7f1f25
                                                                                                                                                                                    • Opcode Fuzzy Hash: 7f02d877fe96693e79d52cb70461d1cf76c14600a7221cb4648c6da81f4608cf
                                                                                                                                                                                    • Instruction Fuzzy Hash: 3A01D6315001156BDB105FB4AC8D9DA3B5CAF51327F504632F922F11E0EB38D741465D
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                    • Executed
                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                    control_flow_graph 830 412dcf-412e44 __set_app_type __p__fmode __p__commode call 412f5b 833 412e52-412ea9 call 412f46 _initterm __getmainargs _initterm 830->833 834 412e46-412e51 __setusermatherr 830->834 837 412ee5-412ee8 833->837 838 412eab-412eb3 833->838 834->833 841 412ec2-412ec6 837->841 842 412eea-412eee 837->842 839 412eb5-412eb7 838->839 840 412eb9-412ebc 838->840 839->838 839->840 840->841 843 412ebe-412ebf 840->843 844 412ec8-412eca 841->844 845 412ecc-412edd GetStartupInfoA 841->845 842->837 843->841 844->843 844->845 846 412ef0-412ef2 845->846 847 412edf-412ee3 845->847 848 412ef3-412f20 GetModuleHandleA call 406da1 exit _XcptFilter 846->848 847->848
                                                                                                                                                                                    APIs
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000000B.00000002.2081555260.0000000000401000.00000020.00000001.01000000.00000013.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081540884.0000000000400000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081574053.0000000000414000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081589581.0000000000418000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081604105.000000000041B000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_400000_Opera_GX_assistant_73.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: _initterm$FilterHandleInfoModuleStartupXcpt__getmainargs__p__commode__p__fmode__set_app_type__setusermatherrexit
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID: 801014965-0
                                                                                                                                                                                    • Opcode ID: 329fb5ec40b1a3e22881c27b52012f5837425f84134cca069eaa34249d5edeef
                                                                                                                                                                                    • Instruction ID: 4f71473f6c996e876dfffe8074da0a06471e4f97bcacb5e315fccfc2763ddc53
                                                                                                                                                                                    • Opcode Fuzzy Hash: 329fb5ec40b1a3e22881c27b52012f5837425f84134cca069eaa34249d5edeef
                                                                                                                                                                                    • Instruction Fuzzy Hash: B241AEB4940348AFCB209FA4DD49AEA7BB8FB49710F20412FF841D7291DBB849D1DB59
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • GetModuleHandleW.KERNEL32(00000000,00000000,?,?,?,?,?,?,0040576F,?,00000000), ref: 00401D59
                                                                                                                                                                                    • CreateWindowExW.USER32(00000000,Static,004144C8,00000000,000000F6,000000F6,00000005,00000005,00000000,00000000,00000000), ref: 00401D76
                                                                                                                                                                                    • SetTimer.USER32(00000000,00000001,00000001,00000000), ref: 00401D88
                                                                                                                                                                                    • GetMessageW.USER32(?,00000000,00000000,00000000), ref: 00401D95
                                                                                                                                                                                    • DispatchMessageW.USER32(?), ref: 00401D9F
                                                                                                                                                                                    • KillTimer.USER32(00000000,00000001,?,?,?,?,?,?,0040576F,?,00000000), ref: 00401DA8
                                                                                                                                                                                    • KiUserCallbackDispatcher.NTDLL(00000000,?,?,?,?,?,?,0040576F,?,00000000), ref: 00401DAF
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000000B.00000002.2081555260.0000000000401000.00000020.00000001.01000000.00000013.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081540884.0000000000400000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081574053.0000000000414000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081589581.0000000000418000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081604105.000000000041B000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_400000_Opera_GX_assistant_73.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: MessageTimer$CallbackCreateDispatchDispatcherHandleKillModuleUserWindow
                                                                                                                                                                                    • String ID: Static
                                                                                                                                                                                    • API String ID: 2479445380-2272013587
                                                                                                                                                                                    • Opcode ID: 003be153fc8e0c227edcd4b239f3674ac5eb22499557d269a0105fd8ff32caa2
                                                                                                                                                                                    • Instruction ID: eff3e12e9f1823bf2594ac1749915e0bfe43eaadbfefd36aad20e809da0bd704
                                                                                                                                                                                    • Opcode Fuzzy Hash: 003be153fc8e0c227edcd4b239f3674ac5eb22499557d269a0105fd8ff32caa2
                                                                                                                                                                                    • Instruction Fuzzy Hash: AAF0F4715421257BDA202BA6AC4DFDF3E6CDFC6BB2F114261FA19A10D0DA784081C6B9
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                    • Executed
                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                    control_flow_graph 854 40371d-403743 lstrlenW call 40279d 857 403745-403749 call 40119e 854->857 858 40374e-40375a 854->858 857->858 860 403762-403768 858->860 861 40375c-403760 858->861 862 40376b-40376d 860->862 861->860 861->862 863 403791-40379a call 401ba1 862->863 866 403780-403782 863->866 867 40379c-4037af GetSystemTimeAsFileTime GetFileAttributesW 863->867 868 403784-403786 866->868 869 40376f-403777 866->869 870 4037b1-4037bf call 4033b3 867->870 871 4037c8-4037d1 call 401ba1 867->871 873 403840-403846 868->873 874 40378c 868->874 869->868 872 403779-40377d 869->872 870->871 886 4037c1-4037c3 870->886 882 4037e2-4037e4 871->882 883 4037d3-4037e0 call 408dd2 871->883 872->868 880 40377f 872->880 878 403870-403883 call 408dd2 ??3@YAXPAX@Z 873->878 879 403848-403853 873->879 874->863 893 403885-403889 878->893 879->878 884 403855-403859 879->884 880->866 889 403834-40383e ??3@YAXPAX@Z 882->889 890 4037e6-403805 memcpy 882->890 883->886 884->878 888 40385b-403860 884->888 892 403865-40386e ??3@YAXPAX@Z 886->892 888->878 895 403862-403864 888->895 889->893 896 403807 890->896 897 40381a-40381e 890->897 892->893 895->892 898 403819 896->898 899 403820-40382d call 401ba1 897->899 900 403809-403811 897->900 898->897 899->883 904 40382f-403832 899->904 900->899 901 403813-403817 900->901 901->898 901->899 904->889 904->890
                                                                                                                                                                                    APIs
                                                                                                                                                                                    • lstrlenW.KERNEL32(004017FB,00000000,?,?,?,?,?,?,004017FB,?), ref: 0040372A
                                                                                                                                                                                    • GetSystemTimeAsFileTime.KERNEL32(?,004017FB,?,?,?,?,004017FB,?), ref: 004037A0
                                                                                                                                                                                    • GetFileAttributesW.KERNELBASE(?,?,?,?,?,004017FB,?), ref: 004037A7
                                                                                                                                                                                    • ??3@YAXPAX@Z.MSVCRT ref: 00403866
                                                                                                                                                                                      • Part of subcall function 0040119E: ??2@YAPAXI@Z.MSVCRT ref: 004011BE
                                                                                                                                                                                      • Part of subcall function 0040119E: ??3@YAXPAX@Z.MSVCRT ref: 004011E4
                                                                                                                                                                                    • memcpy.MSVCRT ref: 004037F8
                                                                                                                                                                                    • ??3@YAXPAX@Z.MSVCRT ref: 00403835
                                                                                                                                                                                    • ??3@YAXPAX@Z.MSVCRT ref: 0040387B
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000000B.00000002.2081555260.0000000000401000.00000020.00000001.01000000.00000013.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081540884.0000000000400000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081574053.0000000000414000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081589581.0000000000418000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081604105.000000000041B000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_400000_Opera_GX_assistant_73.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: ??3@$FileTime$??2@AttributesSystemlstrlenmemcpy
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID: 846840743-0
                                                                                                                                                                                    • Opcode ID: 914ab71f777ae717cb467d1eb1d7a081186af0028341e36a64339d3dd51420dd
                                                                                                                                                                                    • Instruction ID: 3276eaba2f91510ab784efe6cdcb99c4529a15556bd6a795246fe739cc12f76e
                                                                                                                                                                                    • Opcode Fuzzy Hash: 914ab71f777ae717cb467d1eb1d7a081186af0028341e36a64339d3dd51420dd
                                                                                                                                                                                    • Instruction Fuzzy Hash: AB41EBB6900115A6D720BF698945ABF7BBCEF00716F50817BF901B32C1E77C9A4242ED
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                    • Executed
                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                    control_flow_graph 905 40239b-4023ba LoadLibraryA GetProcAddress 906 4023c8-4023cb 905->906 907 4023bc-4023c7 GetNativeSystemInfo 905->907
                                                                                                                                                                                    APIs
                                                                                                                                                                                    • LoadLibraryA.KERNEL32(kernel32,GetNativeSystemInfo,?,?,?,?,?,004023D1,00405BCF,00418818,00418818), ref: 004023AB
                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000), ref: 004023B2
                                                                                                                                                                                    • GetNativeSystemInfo.KERNELBASE(?,?,?,?,?,?,004023D1,00405BCF,00418818,00418818), ref: 004023C0
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000000B.00000002.2081555260.0000000000401000.00000020.00000001.01000000.00000013.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081540884.0000000000400000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081574053.0000000000414000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081589581.0000000000418000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081604105.000000000041B000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_400000_Opera_GX_assistant_73.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: AddressInfoLibraryLoadNativeProcSystem
                                                                                                                                                                                    • String ID: GetNativeSystemInfo$kernel32
                                                                                                                                                                                    • API String ID: 2103483237-3846845290
                                                                                                                                                                                    • Opcode ID: 29c8b91972701315efc4f7d7d8bddbd6f250053e02b88915a068c2978826be41
                                                                                                                                                                                    • Instruction ID: afd952334ce5608e5f84ab2444d6511bb433925e4e51cff7b4d4dc1f25dbb455
                                                                                                                                                                                    • Opcode Fuzzy Hash: 29c8b91972701315efc4f7d7d8bddbd6f250053e02b88915a068c2978826be41
                                                                                                                                                                                    • Instruction Fuzzy Hash: 35D05EB070030877CB10EBB56D0EADB32F859C8B487100461A902F10C0EABCDE80C378
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                    • Executed
                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                    control_flow_graph 908 410275-410292 call 40d650 911 410298-41029f call 40fd7e 908->911 912 4103ca-4103cd 908->912 915 4102a1-4102a3 911->915 916 4102a8-4102d7 call 40d5b6 memcpy 911->916 915->912 919 4102da-4102e2 916->919 920 4102e4-4102f2 919->920 921 4102fa-410312 919->921 922 4102f4 920->922 923 41036e-410377 ??3@YAXPAX@Z 920->923 927 410314-410319 921->927 928 410379 921->928 922->921 926 4102f6-4102f8 922->926 924 4103c8-4103c9 923->924 924->912 926->921 926->923 930 41031b-410323 927->930 931 41037e-410381 927->931 929 41037b-41037c 928->929 932 4103c1-4103c6 ??3@YAXPAX@Z 929->932 933 410325 930->933 934 410357-410369 memmove 930->934 931->929 932->924 935 410334-410338 933->935 934->919 936 41033a-41033c 935->936 937 41032c-41032e 935->937 936->934 939 41033e-410347 call 40fd7e 936->939 937->934 938 410330-410331 937->938 938->935 942 410383-4103b9 memcpy call 40c5fe 939->942 943 410349-410355 939->943 945 4103bc-4103bf 942->945 943->934 944 410327-41032a 943->944 944->935 945->932
                                                                                                                                                                                    APIs
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000000B.00000002.2081555260.0000000000401000.00000020.00000001.01000000.00000013.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081540884.0000000000400000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081574053.0000000000414000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081589581.0000000000418000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081604105.000000000041B000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_400000_Opera_GX_assistant_73.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: ??3@memcpymemmove
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID: 3549172513-0
                                                                                                                                                                                    • Opcode ID: 23d71014aecfca26dd25615912aaa6ab70287be060eead5d2c89b44186cf1809
                                                                                                                                                                                    • Instruction ID: 63a56fa8281db28ad90281e808061650b4139096c2ab0ad2d55df77e1dad3be2
                                                                                                                                                                                    • Opcode Fuzzy Hash: 23d71014aecfca26dd25615912aaa6ab70287be060eead5d2c89b44186cf1809
                                                                                                                                                                                    • Instruction Fuzzy Hash: 0B41A171A00208ABDB24DFA5C944AEEB7B4FF44744F14456EE841E7241D7B8EEC18B59
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • _EH_prolog.MSVCRT ref: 0040E830
                                                                                                                                                                                    • ??2@YAPAXI@Z.MSVCRT ref: 0040E9CE
                                                                                                                                                                                    • ??2@YAPAXI@Z.MSVCRT ref: 0040EAA1
                                                                                                                                                                                      • Part of subcall function 0040ED7F: ??2@YAPAXI@Z.MSVCRT ref: 0040EDA7
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000000B.00000002.2081555260.0000000000401000.00000020.00000001.01000000.00000013.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081540884.0000000000400000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081574053.0000000000414000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081589581.0000000000418000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081604105.000000000041B000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_400000_Opera_GX_assistant_73.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: ??2@$H_prolog
                                                                                                                                                                                    • String ID: <]A
                                                                                                                                                                                    • API String ID: 3431946709-3707672569
                                                                                                                                                                                    • Opcode ID: 04cf34d8ff487bea99b6e38d770e7741b1dc371dfc0d2de79d58089e98610788
                                                                                                                                                                                    • Instruction ID: fb09e060f7b5ded2eb6e5006c13314ba223be2c96fd0a2c6114c4de45a1c8ed0
                                                                                                                                                                                    • Opcode Fuzzy Hash: 04cf34d8ff487bea99b6e38d770e7741b1dc371dfc0d2de79d58089e98610788
                                                                                                                                                                                    • Instruction Fuzzy Hash: 00F14970600208DFDB24DF6AC884AAA77E5BF48314F14496AFC16AB292DB39ED51CF54
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • #17.COMCTL32(00000000,00000020,-00000002), ref: 0040493E
                                                                                                                                                                                      • Part of subcall function 0040215D: GetUserDefaultUILanguage.KERNEL32(0040494E), ref: 00402167
                                                                                                                                                                                      • Part of subcall function 004021B3: GetLastError.KERNEL32(00000000,00000020,-00000002), ref: 00402202
                                                                                                                                                                                      • Part of subcall function 004021B3: wsprintfW.USER32 ref: 00402213
                                                                                                                                                                                      • Part of subcall function 004021B3: GetEnvironmentVariableW.KERNEL32(?,00000000,00000000), ref: 00402228
                                                                                                                                                                                      • Part of subcall function 004021B3: GetLastError.KERNEL32 ref: 0040222D
                                                                                                                                                                                      • Part of subcall function 004021B3: ??2@YAPAXI@Z.MSVCRT ref: 00402248
                                                                                                                                                                                      • Part of subcall function 004021B3: GetEnvironmentVariableW.KERNEL32(?,00000000,00000004), ref: 0040225B
                                                                                                                                                                                      • Part of subcall function 004021B3: GetLastError.KERNEL32 ref: 00402262
                                                                                                                                                                                      • Part of subcall function 004021B3: lstrcmpiW.KERNEL32(00000000,00404955), ref: 00402277
                                                                                                                                                                                      • Part of subcall function 004021B3: ??3@YAXPAX@Z.MSVCRT ref: 00402287
                                                                                                                                                                                      • Part of subcall function 004021B3: SetLastError.KERNEL32(?), ref: 004022AE
                                                                                                                                                                                      • Part of subcall function 004021B3: lstrlenA.KERNEL32(00415208), ref: 004022E2
                                                                                                                                                                                      • Part of subcall function 004021B3: ??2@YAPAXI@Z.MSVCRT ref: 004022FD
                                                                                                                                                                                      • Part of subcall function 004021B3: GetLocaleInfoW.KERNEL32(?,00001004,?,0000001F), ref: 0040232F
                                                                                                                                                                                      • Part of subcall function 004021B3: ??3@YAXPAX@Z.MSVCRT ref: 004022A5
                                                                                                                                                                                      • Part of subcall function 004021B3: _wtol.MSVCRT(?), ref: 00402340
                                                                                                                                                                                      • Part of subcall function 004021B3: MultiByteToWideChar.KERNEL32(00000000,00415208,00000001,00000000,00000002), ref: 00402360
                                                                                                                                                                                    • SHGetSpecialFolderPathW.SHELL32(00000000,?,00000000,00000000), ref: 004049C4
                                                                                                                                                                                    • wsprintfW.USER32 ref: 004049DF
                                                                                                                                                                                      • Part of subcall function 00403305: ??2@YAPAXI@Z.MSVCRT ref: 0040330A
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000000B.00000002.2081555260.0000000000401000.00000020.00000001.01000000.00000013.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081540884.0000000000400000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081574053.0000000000414000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081589581.0000000000418000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081604105.000000000041B000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_400000_Opera_GX_assistant_73.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: ErrorLast$??2@$??3@EnvironmentVariablewsprintf$ByteCharDefaultFolderInfoLanguageLocaleMultiPathSpecialUserWide_wtollstrcmpilstrlen
                                                                                                                                                                                    • String ID: 7zSfxFolder%02d
                                                                                                                                                                                    • API String ID: 3387708999-2820892521
                                                                                                                                                                                    • Opcode ID: f726563fb2b2250325101bcf8807e48b976bb1d9adb6114e41abcfa48ef34141
                                                                                                                                                                                    • Instruction ID: ef9653e53972978df07657c60cee51bcb8c88d210e083c37f24b76d073d3d503
                                                                                                                                                                                    • Opcode Fuzzy Hash: f726563fb2b2250325101bcf8807e48b976bb1d9adb6114e41abcfa48ef34141
                                                                                                                                                                                    • Instruction Fuzzy Hash: 38316371D002099BDB01FBA1ED8AADE7B78AB40304F14407FA619B61E1EFB956448B58
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • lstrlenA.KERNEL32(?,?,00403D3A,00418818,?,?,00405C4E,00000000,00000000,?,?,?,00000000,-00000002), ref: 00402C4C
                                                                                                                                                                                    • lstrlenA.KERNEL32(?,?,00403D3A,00418818,?,?,00405C4E,00000000,00000000,?,?,?,00000000,-00000002), ref: 00402C54
                                                                                                                                                                                    • memcmp.MSVCRT ref: 00402CBA
                                                                                                                                                                                    • memcmp.MSVCRT ref: 00402CF7
                                                                                                                                                                                    • memmove.MSVCRT ref: 00402D29
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000000B.00000002.2081555260.0000000000401000.00000020.00000001.01000000.00000013.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081540884.0000000000400000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081574053.0000000000414000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081589581.0000000000418000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081604105.000000000041B000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_400000_Opera_GX_assistant_73.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: lstrlenmemcmp$memmove
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID: 3251180759-0
                                                                                                                                                                                    • Opcode ID: a05ed66240b8c48cd1d6013260c459d9ae8ab5bba4ea14475bffcaa69264c57e
                                                                                                                                                                                    • Instruction ID: b3b94cb524035ad5456d55853ae81138a361194cb35f605d71d704438a574b18
                                                                                                                                                                                    • Opcode Fuzzy Hash: a05ed66240b8c48cd1d6013260c459d9ae8ab5bba4ea14475bffcaa69264c57e
                                                                                                                                                                                    • Instruction Fuzzy Hash: 4A417E72D0425AAFDF01DFA4C9889EEBBB9FF08344F14406AE805B3291D3B49E55CB55
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                    • Executed
                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                    control_flow_graph 1165 40163d-401693 call 40114b call 40139c call 401552 CreateThread 1172 401695 call 408532 1165->1172 1173 40169a-4016b5 WaitForSingleObject 1165->1173 1172->1173 1175 4016b7-4016ba 1173->1175 1176 4016e9-4016ef 1173->1176 1177 4016bc-4016bf 1175->1177 1178 4016dd 1175->1178 1179 4016f1-401706 GetExitCodeThread 1176->1179 1180 40174d 1176->1180 1183 4016c1-4016c4 1177->1183 1184 4016d9-4016db 1177->1184 1185 4016df-4016e7 call 408dd2 1178->1185 1181 401710-40171b 1179->1181 1182 401708-40170a 1179->1182 1186 401752-401755 1180->1186 1188 401723-40172c 1181->1188 1189 40171d-40171e 1181->1189 1182->1181 1187 40170c-40170e 1182->1187 1190 4016d5-4016d7 1183->1190 1191 4016c6-4016c9 1183->1191 1184->1185 1185->1180 1187->1186 1194 401737-401743 SetLastError 1188->1194 1195 40172e-401735 1188->1195 1193 401720-401721 1189->1193 1190->1185 1196 4016d0-4016d3 1191->1196 1197 4016cb-4016ce 1191->1197 1199 401745-40174a call 408dd2 1193->1199 1194->1199 1195->1180 1195->1194 1196->1193 1197->1180 1197->1196 1199->1180
                                                                                                                                                                                    APIs
                                                                                                                                                                                    • CreateThread.KERNELBASE(00000000,00000000,0040130F,00000000,00000000,?), ref: 00401681
                                                                                                                                                                                    • WaitForSingleObject.KERNEL32(000000FF,?,00401821,?,?), ref: 004016A2
                                                                                                                                                                                      • Part of subcall function 00408DD2: wvsprintfW.USER32(?,00000000,?), ref: 00408DF6
                                                                                                                                                                                      • Part of subcall function 00408DD2: GetLastError.KERNEL32 ref: 00408E07
                                                                                                                                                                                      • Part of subcall function 00408DD2: FormatMessageW.KERNEL32(00001100,00000000,00000000,?,?,00000000,00406BA8), ref: 00408E2F
                                                                                                                                                                                      • Part of subcall function 00408DD2: FormatMessageW.KERNEL32(00001100,00000000,?,00000000,?,00000000,00406BA8), ref: 00408E44
                                                                                                                                                                                      • Part of subcall function 00408DD2: lstrlenW.KERNEL32(?), ref: 00408E57
                                                                                                                                                                                      • Part of subcall function 00408DD2: lstrlenW.KERNEL32(?), ref: 00408E5E
                                                                                                                                                                                      • Part of subcall function 00408DD2: ??2@YAPAXI@Z.MSVCRT ref: 00408E73
                                                                                                                                                                                      • Part of subcall function 00408DD2: lstrcpyW.KERNEL32(00000000,?), ref: 00408E89
                                                                                                                                                                                      • Part of subcall function 00408DD2: lstrcpyW.KERNEL32(-00000002,?), ref: 00408E9A
                                                                                                                                                                                      • Part of subcall function 00408DD2: ??3@YAXPAX@Z.MSVCRT ref: 00408EA3
                                                                                                                                                                                      • Part of subcall function 00408DD2: LocalFree.KERNEL32(?), ref: 00408EAD
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000000B.00000002.2081555260.0000000000401000.00000020.00000001.01000000.00000013.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081540884.0000000000400000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081574053.0000000000414000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081589581.0000000000418000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081604105.000000000041B000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_400000_Opera_GX_assistant_73.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: FormatMessagelstrcpylstrlen$??2@??3@CreateErrorFreeLastLocalObjectSingleThreadWaitwvsprintf
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID: 359084233-0
                                                                                                                                                                                    • Opcode ID: 5784c911f70ec8615644968fb8a473c4f5c63dc6ffda89886972cfc35f3b4edb
                                                                                                                                                                                    • Instruction ID: 7d3ff62e437ea0c91cf1abde2eedf7a668452c74c486bf28c73a25e4bfcfdf4b
                                                                                                                                                                                    • Opcode Fuzzy Hash: 5784c911f70ec8615644968fb8a473c4f5c63dc6ffda89886972cfc35f3b4edb
                                                                                                                                                                                    • Instruction Fuzzy Hash: 6E31D171600200BBEB316B15DC49AAB36A9EB95750F34853FF416B62F0DA798881DB1D
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                    • Executed
                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                    control_flow_graph 1202 401ba1-401bb0 CreateDirectoryW 1203 401be2-401be6 1202->1203 1204 401bb2-401bbf GetLastError 1202->1204 1205 401bc1 1204->1205 1206 401bcc-401bd9 GetFileAttributesW 1204->1206 1207 401bc2-401bcb SetLastError 1205->1207 1206->1203 1208 401bdb-401bdd 1206->1208 1208->1203 1209 401bdf-401be0 1208->1209 1209->1207
                                                                                                                                                                                    APIs
                                                                                                                                                                                    • CreateDirectoryW.KERNELBASE(00403797,00000000,-00000001,00403797,?,004017FB,?,?,?,?,004017FB,?), ref: 00401BA8
                                                                                                                                                                                    • GetLastError.KERNEL32(?,?,?,?,004017FB,?), ref: 00401BB2
                                                                                                                                                                                    • SetLastError.KERNEL32(000000B7,?,?,?,?,004017FB,?), ref: 00401BC2
                                                                                                                                                                                    • GetFileAttributesW.KERNELBASE(?,?,?,?,?,004017FB,?), ref: 00401BD0
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000000B.00000002.2081555260.0000000000401000.00000020.00000001.01000000.00000013.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081540884.0000000000400000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081574053.0000000000414000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081589581.0000000000418000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081604105.000000000041B000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_400000_Opera_GX_assistant_73.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: ErrorLast$AttributesCreateDirectoryFile
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID: 635176117-0
                                                                                                                                                                                    • Opcode ID: 8f2a3c8d3dbd0b9b157f311614eca2aec544d8a8cefd4afcfa6ece4cce76612a
                                                                                                                                                                                    • Instruction ID: f7db12ecad7dba541322b8e170da9c659b9c03f701e9f85f77f9de7f49b8af7a
                                                                                                                                                                                    • Opcode Fuzzy Hash: 8f2a3c8d3dbd0b9b157f311614eca2aec544d8a8cefd4afcfa6ece4cce76612a
                                                                                                                                                                                    • Instruction Fuzzy Hash: EFE012305581106BDB101FB4FC4CB9B7EA9AB95325F608975F469E41F4E3349C814559
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                    • Executed
                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                    control_flow_graph 1210 403cbf-403cd1 call 40239b 1213 403cd3-403cd6 1210->1213 1214 403ced-403cf4 1210->1214 1215 403cd8-403cdb 1213->1215 1216 403cdd-403ceb 1213->1216 1217 403cfb 1214->1217 1218 403cfe-403d3f call 40284f * 3 call 403bce call 402c1a 1215->1218 1216->1217 1217->1218 1229 403d41 1218->1229 1230 403d45-403d59 call 40291f 1218->1230 1229->1230 1233 403da8-403daa 1230->1233 1234 403d5b-403d77 call 403bce call 402c1a 1233->1234 1235 403dac-403dd9 call 403bce call 402c1a 1233->1235 1242 403d7c-403d81 1234->1242 1244 403ddb 1235->1244 1245 403ddf-403df0 call 4029b5 1235->1245 1246 403da3-403da6 1242->1246 1247 403d83-403d86 1242->1247 1244->1245 1254 403e46-403e48 1245->1254 1246->1233 1249 403d94-403d9f call 4029b5 1247->1249 1250 403d88-403d8f call 40297f 1247->1250 1249->1246 1250->1249 1256 403df2-403e15 call 403bce call 402c1a 1254->1256 1257 403e4a-403e6c ??3@YAXPAX@Z * 3 1254->1257 1261 403e1a-403e1f 1256->1261 1262 403e41-403e44 1261->1262 1263 403e21-403e24 1261->1263 1262->1254 1264 403e32-403e3d call 4029b5 1263->1264 1265 403e26-403e2d call 40297f 1263->1265 1264->1262 1265->1264
                                                                                                                                                                                    APIs
                                                                                                                                                                                      • Part of subcall function 0040239B: LoadLibraryA.KERNEL32(kernel32,GetNativeSystemInfo,?,?,?,?,?,004023D1,00405BCF,00418818,00418818), ref: 004023AB
                                                                                                                                                                                      • Part of subcall function 0040239B: GetProcAddress.KERNEL32(00000000), ref: 004023B2
                                                                                                                                                                                      • Part of subcall function 0040239B: GetNativeSystemInfo.KERNELBASE(?,?,?,?,?,?,004023D1,00405BCF,00418818,00418818), ref: 004023C0
                                                                                                                                                                                    • ??3@YAXPAX@Z.MSVCRT ref: 00403E4D
                                                                                                                                                                                    • ??3@YAXPAX@Z.MSVCRT ref: 00403E55
                                                                                                                                                                                    • ??3@YAXPAX@Z.MSVCRT ref: 00403E5D
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000000B.00000002.2081555260.0000000000401000.00000020.00000001.01000000.00000013.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081540884.0000000000400000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081574053.0000000000414000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081589581.0000000000418000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081604105.000000000041B000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_400000_Opera_GX_assistant_73.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: ??3@$AddressInfoLibraryLoadNativeProcSystem
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID: 1642057587-0
                                                                                                                                                                                    • Opcode ID: fbcb74f50d5c51b62476d0abded701187e6cc922a14639688d47cf7cf31169b5
                                                                                                                                                                                    • Instruction ID: 4cbf597906b98135771b168b77b6eb183d18575d7e5ac8660be24c748504df3f
                                                                                                                                                                                    • Opcode Fuzzy Hash: fbcb74f50d5c51b62476d0abded701187e6cc922a14639688d47cf7cf31169b5
                                                                                                                                                                                    • Instruction Fuzzy Hash: 8A515EB2D00109ABDF01EFD1C9859FEBB7EAF58309F04402AF511B2191EB7D9A46DB54
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                    • Executed
                                                                                                                                                                                    • Not Executed
                                                                                                                                                                                    control_flow_graph 1269 401758-40176f ??2@YAPAXI@Z 1270 401771-401778 call 40fb56 1269->1270 1271 40177a 1269->1271 1272 40177c-4017a8 call 401132 call 40c5fe 1270->1272 1271->1272 1279 4017c0-4017c9 call 408dd2 1272->1279 1280 4017aa-4017be call 40110a 1272->1280 1286 4017ca-4017cf 1279->1286 1280->1279 1285 4017e8-4017f2 1280->1285 1289 401800-40180a ??2@YAPAXI@Z 1285->1289 1290 4017f4-4017f6 call 40371d 1285->1290 1287 4017d1-4017d3 1286->1287 1288 4017d7-4017d9 1286->1288 1287->1288 1291 4017e1-4017e6 1288->1291 1292 4017db-4017dd 1288->1292 1294 401815 1289->1294 1295 40180c-401813 call 40149c 1289->1295 1297 4017fb-4017fe 1290->1297 1296 40183c-401840 1291->1296 1292->1291 1299 401817-40181c call 40163d 1294->1299 1295->1299 1297->1286 1297->1289 1302 401821-401828 1299->1302 1303 401830-401832 1302->1303 1304 40182a-40182c 1302->1304 1305 401834-401836 1303->1305 1306 40183a 1303->1306 1304->1303 1305->1306 1306->1296
                                                                                                                                                                                    APIs
                                                                                                                                                                                    • ??2@YAPAXI@Z.MSVCRT ref: 00401765
                                                                                                                                                                                    • ??2@YAPAXI@Z.MSVCRT ref: 00401802
                                                                                                                                                                                      • Part of subcall function 0040371D: lstrlenW.KERNEL32(004017FB,00000000,?,?,?,?,?,?,004017FB,?), ref: 0040372A
                                                                                                                                                                                      • Part of subcall function 0040371D: GetSystemTimeAsFileTime.KERNEL32(?,004017FB,?,?,?,?,004017FB,?), ref: 004037A0
                                                                                                                                                                                      • Part of subcall function 0040371D: GetFileAttributesW.KERNELBASE(?,?,?,?,?,004017FB,?), ref: 004037A7
                                                                                                                                                                                      • Part of subcall function 0040371D: ??3@YAXPAX@Z.MSVCRT ref: 00403866
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000000B.00000002.2081555260.0000000000401000.00000020.00000001.01000000.00000013.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081540884.0000000000400000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081574053.0000000000414000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081589581.0000000000418000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081604105.000000000041B000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_400000_Opera_GX_assistant_73.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: ??2@FileTime$??3@AttributesSystemlstrlen
                                                                                                                                                                                    • String ID: ExecuteFile
                                                                                                                                                                                    • API String ID: 1306139538-323923146
                                                                                                                                                                                    • Opcode ID: 5728c1b83bc4d1b9980e370ae573a7b0c9e39e3a3f34e0a4038bcb615272f731
                                                                                                                                                                                    • Instruction ID: 696917977cc0af5d7a86523ea3cefee026201a0d6e9a1adebbd371a6d4f8659a
                                                                                                                                                                                    • Opcode Fuzzy Hash: 5728c1b83bc4d1b9980e370ae573a7b0c9e39e3a3f34e0a4038bcb615272f731
                                                                                                                                                                                    • Instruction Fuzzy Hash: 8B31C575700204ABDB24ABA5CC85D6F77A9EF84705728447FF401FB2A1DA39AD41CB28
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                    control_flow_graph 1308 40d5b6-40d5c1 1309 40d600-40d602 1308->1309 1310 40d5c3-40d5c6 1308->1310 1311 40d5c8-40d5d6 ??2@YAPAXI@Z 1310->1311 1312 40d5ee 1310->1312 1313 40d5f0-40d5ff ??3@YAXPAX@Z 1311->1313 1314 40d5d8-40d5da 1311->1314 1312->1313 1313->1309 1315 40d5dc 1314->1315 1316 40d5de-40d5ec memmove 1314->1316 1315->1316 1316->1313
                                                                                                                                                                                    APIs
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000000B.00000002.2081555260.0000000000401000.00000020.00000001.01000000.00000013.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081540884.0000000000400000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081574053.0000000000414000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081589581.0000000000418000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081604105.000000000041B000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_400000_Opera_GX_assistant_73.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: ??2@??3@memmove
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID: 3828600508-0
                                                                                                                                                                                    • Opcode ID: 8236a5b7b3e36faa0891f74f9383a1170d0d145e753109a62820122de36d3916
                                                                                                                                                                                    • Instruction ID: d5dacd1b3fb98c21124dc1d33f48c6efd6003bf6c14ff8fbee7813475d9ee9aa
                                                                                                                                                                                    • Opcode Fuzzy Hash: 8236a5b7b3e36faa0891f74f9383a1170d0d145e753109a62820122de36d3916
                                                                                                                                                                                    • Instruction Fuzzy Hash: 47F0E232B042006FC2305F6A9E8095BBBE9EBC4718314883FF95ED6351D634F8848628
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000000B.00000002.2081555260.0000000000401000.00000020.00000001.01000000.00000013.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081540884.0000000000400000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081574053.0000000000414000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081589581.0000000000418000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081604105.000000000041B000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_400000_Opera_GX_assistant_73.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: ??2@
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID: 1033339047-0
                                                                                                                                                                                    • Opcode ID: 681626a6d2388e1b46a499882a508d01bee9b587e2816172e644e9a69fa16b25
                                                                                                                                                                                    • Instruction ID: 786736d933f003369f23863796d1619ed635801a4e32b20000a897f24b9a5b67
                                                                                                                                                                                    • Opcode Fuzzy Hash: 681626a6d2388e1b46a499882a508d01bee9b587e2816172e644e9a69fa16b25
                                                                                                                                                                                    • Instruction Fuzzy Hash: C1121771A00209DFCB14DFA6C8908A9BBB5FF48304B14497EF91AA7391DB39ED55CB44
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • GlobalMemoryStatusEx.KERNELBASE(00000040), ref: 0040271F
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000000B.00000002.2081555260.0000000000401000.00000020.00000001.01000000.00000013.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081540884.0000000000400000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081574053.0000000000414000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081589581.0000000000418000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081604105.000000000041B000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_400000_Opera_GX_assistant_73.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: GlobalMemoryStatus
                                                                                                                                                                                    • String ID: @
                                                                                                                                                                                    • API String ID: 1890195054-2766056989
                                                                                                                                                                                    • Opcode ID: 10a1a0dca67190ae1b2f8bab539977c25a6fc9f7f1c138144fabb0a44fa63ec7
                                                                                                                                                                                    • Instruction ID: c3a6faa0462241a280be2d9353c1e47863c81d4e618bf62eab88ba7ec8474a40
                                                                                                                                                                                    • Opcode Fuzzy Hash: 10a1a0dca67190ae1b2f8bab539977c25a6fc9f7f1c138144fabb0a44fa63ec7
                                                                                                                                                                                    • Instruction Fuzzy Hash: 1DF0AF306042088ACF15AB70DF4DA5A76A5BB00308F10463AE012F71D0DBF89981864C
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                      • Part of subcall function 0040FBFC: _CxxThrowException.MSVCRT(?,00416250), ref: 0040FC16
                                                                                                                                                                                    • ??3@YAXPAX@Z.MSVCRT ref: 00411C17
                                                                                                                                                                                    • ??3@YAXPAX@Z.MSVCRT ref: 00411D6F
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000000B.00000002.2081555260.0000000000401000.00000020.00000001.01000000.00000013.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081540884.0000000000400000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081574053.0000000000414000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081589581.0000000000418000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081604105.000000000041B000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_400000_Opera_GX_assistant_73.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: ??3@$ExceptionThrow
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID: 2803161813-0
                                                                                                                                                                                    • Opcode ID: 0c164981a5a92db9c49ef73fd7bcc9fba8e28d72662414d650f596ad21b7640b
                                                                                                                                                                                    • Instruction ID: a4732db55583ca78181ff33f67714ccec4ec82aa11d2dee84a4e715c00db3ea7
                                                                                                                                                                                    • Opcode Fuzzy Hash: 0c164981a5a92db9c49ef73fd7bcc9fba8e28d72662414d650f596ad21b7640b
                                                                                                                                                                                    • Instruction Fuzzy Hash: CE814E70A04609ABCB24DFA5C991AEEF7B1BF08304F10452FE615A7761E738B984CB58
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000000B.00000002.2081555260.0000000000401000.00000020.00000001.01000000.00000013.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081540884.0000000000400000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081574053.0000000000414000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081589581.0000000000418000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081604105.000000000041B000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_400000_Opera_GX_assistant_73.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: ??3@H_prolog
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID: 1329742358-0
                                                                                                                                                                                    • Opcode ID: caad0199fcc4f04f30252f448b0a7f97c22d9f9acfc87625acf74ad1a3c28a8d
                                                                                                                                                                                    • Instruction ID: efb2f00d33aa1ccf63bb6429db99bdc6da243e5c394d73c928979b154fe646cf
                                                                                                                                                                                    • Opcode Fuzzy Hash: caad0199fcc4f04f30252f448b0a7f97c22d9f9acfc87625acf74ad1a3c28a8d
                                                                                                                                                                                    • Instruction Fuzzy Hash: 5B41C573800109AFCB25EBA5C945AEE7775EF05304B19813BE80177AE2D73C5E0D9A59
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • GetDiskFreeSpaceExW.KERNELBASE(?,00000000,00000000), ref: 00401219
                                                                                                                                                                                    • SendMessageW.USER32(00008001,00000000,?), ref: 00401272
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000000B.00000002.2081555260.0000000000401000.00000020.00000001.01000000.00000013.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081540884.0000000000400000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081574053.0000000000414000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081589581.0000000000418000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081604105.000000000041B000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_400000_Opera_GX_assistant_73.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: DiskFreeMessageSendSpace
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID: 696007252-0
                                                                                                                                                                                    • Opcode ID: 76c877f8e4e04b6b1800e0e3c37e02ee1ef8b0dd0ed0dfcb9a9652151f192eb4
                                                                                                                                                                                    • Instruction ID: 6537aa89ce628f24a2eb9e1cdbee530b0aed1928fb96dd1290126444b22a0e58
                                                                                                                                                                                    • Opcode Fuzzy Hash: 76c877f8e4e04b6b1800e0e3c37e02ee1ef8b0dd0ed0dfcb9a9652151f192eb4
                                                                                                                                                                                    • Instruction Fuzzy Hash: A4016D31214208AAEB11DB60DD85F9A37A9EB40700F6081BEF511FA1E0CB79A9508B1D
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000000B.00000002.2081555260.0000000000401000.00000020.00000001.01000000.00000013.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081540884.0000000000400000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081574053.0000000000414000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081589581.0000000000418000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081604105.000000000041B000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_400000_Opera_GX_assistant_73.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: ??2@??3@
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID: 1936579350-0
                                                                                                                                                                                    • Opcode ID: e5be92e29ea3999639b05ac6266f86f3b8ef3800ca7ff26467fec047451b197f
                                                                                                                                                                                    • Instruction ID: fbffce2cb9c5a4c22f50dad7d41ebaab4f040ab4d9ad274b237e9742f84e4579
                                                                                                                                                                                    • Opcode Fuzzy Hash: e5be92e29ea3999639b05ac6266f86f3b8ef3800ca7ff26467fec047451b197f
                                                                                                                                                                                    • Instruction Fuzzy Hash: 41F0A436210611ABC334DF6DC591867B3E4FF88355720883FE6D6CB6A1DA71B890C754
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • SetEnvironmentVariableW.KERNELBASE(?,?,?,00000000,?,?,0040628F,?,00000000,0000000A), ref: 0040465C
                                                                                                                                                                                    • ??3@YAXPAX@Z.MSVCRT ref: 00404665
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000000B.00000002.2081555260.0000000000401000.00000020.00000001.01000000.00000013.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081540884.0000000000400000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081574053.0000000000414000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081589581.0000000000418000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081604105.000000000041B000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_400000_Opera_GX_assistant_73.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: ??3@EnvironmentVariable
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID: 3880889418-0
                                                                                                                                                                                    • Opcode ID: 5b2b941ff2133a40e19d01924192106ae3b6825a83548c0307f2662c6b41d040
                                                                                                                                                                                    • Instruction ID: c356e28fc434d8de4112928b3ac2c9ce4fff199355a5a9feefed93d50c0dffe7
                                                                                                                                                                                    • Opcode Fuzzy Hash: 5b2b941ff2133a40e19d01924192106ae3b6825a83548c0307f2662c6b41d040
                                                                                                                                                                                    • Instruction Fuzzy Hash: DFF03A76900118AFCB01AB94EC418CE77A8AF44704704807EF911E7161DF35A9518B88
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • SetFilePointer.KERNELBASE(?,?,?,?), ref: 0040BED1
                                                                                                                                                                                    • GetLastError.KERNEL32(?,?,?,?), ref: 0040BEDF
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000000B.00000002.2081555260.0000000000401000.00000020.00000001.01000000.00000013.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081540884.0000000000400000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081574053.0000000000414000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081589581.0000000000418000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081604105.000000000041B000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_400000_Opera_GX_assistant_73.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: ErrorFileLastPointer
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID: 2976181284-0
                                                                                                                                                                                    • Opcode ID: 2dc8cee5598d33c9ccf099f17d10e976f116823a694517a44c1af7d0a77e4e36
                                                                                                                                                                                    • Instruction ID: 58a5dddce790eb067e59aca2af7185a8748fd17e24e05fc10a277d90b8df01f0
                                                                                                                                                                                    • Opcode Fuzzy Hash: 2dc8cee5598d33c9ccf099f17d10e976f116823a694517a44c1af7d0a77e4e36
                                                                                                                                                                                    • Instruction Fuzzy Hash: 0DF0B7B5900208EFCB04CF95D8548EE7BB5EB89310B10C569F925A7390D7359A50DBA8
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • SysAllocString.OLEAUT32(?), ref: 0040C181
                                                                                                                                                                                    • _CxxThrowException.MSVCRT(?,00415F74), ref: 0040C1A4
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000000B.00000002.2081555260.0000000000401000.00000020.00000001.01000000.00000013.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081540884.0000000000400000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081574053.0000000000414000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081589581.0000000000418000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081604105.000000000041B000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_400000_Opera_GX_assistant_73.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: AllocExceptionStringThrow
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID: 3773818493-0
                                                                                                                                                                                    • Opcode ID: fb0b8424ea3c18422dfb4546465b5c411461c7c894348be57eca799396026cd2
                                                                                                                                                                                    • Instruction ID: 9d709aa8e1cfb26431d9c10f6fda3bd1f7118755983c1d1d8d4145ebeb66b084
                                                                                                                                                                                    • Opcode Fuzzy Hash: fb0b8424ea3c18422dfb4546465b5c411461c7c894348be57eca799396026cd2
                                                                                                                                                                                    • Instruction Fuzzy Hash: 2EE06D31100308EBDB10AFA5D8819C67BE8EF04380B00C63FF908CA251E678D580CBD8
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000000B.00000002.2081555260.0000000000401000.00000020.00000001.01000000.00000013.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081540884.0000000000400000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081574053.0000000000414000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081589581.0000000000418000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081604105.000000000041B000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_400000_Opera_GX_assistant_73.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: ??3@
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID: 613200358-0
                                                                                                                                                                                    • Opcode ID: dbb34b2e4072251dc078110682882d418f36cce4a624835a3449e5548cad85c0
                                                                                                                                                                                    • Instruction ID: 5742f67201d23beaa9f8636bee72048afea15845169d910c3e0dc09cacb252b0
                                                                                                                                                                                    • Opcode Fuzzy Hash: dbb34b2e4072251dc078110682882d418f36cce4a624835a3449e5548cad85c0
                                                                                                                                                                                    • Instruction Fuzzy Hash: 14E086325015149FC720AF55E814DC7B3E4EF44315315856EF48ADB660CB78FC82CB84
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • EnterCriticalSection.KERNEL32(?), ref: 0040CFEA
                                                                                                                                                                                    • LeaveCriticalSection.KERNEL32(?,?,?,?,?), ref: 0040D009
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000000B.00000002.2081555260.0000000000401000.00000020.00000001.01000000.00000013.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081540884.0000000000400000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081574053.0000000000414000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081589581.0000000000418000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081604105.000000000041B000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_400000_Opera_GX_assistant_73.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: CriticalSection$EnterLeave
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID: 3168844106-0
                                                                                                                                                                                    • Opcode ID: 9e5b06dc87699637085a0abfbb9de17ca0a3ebb0801bf684ed8affee5a97ca5d
                                                                                                                                                                                    • Instruction ID: f5706fc576ce77f3a24d7962246a0e1372d4318d431a8e20e1a1b6a23e370181
                                                                                                                                                                                    • Opcode Fuzzy Hash: 9e5b06dc87699637085a0abfbb9de17ca0a3ebb0801bf684ed8affee5a97ca5d
                                                                                                                                                                                    • Instruction Fuzzy Hash: 83F03036600214EBCB218F95DC08E9ABBB9EF8D760F10442AFA55A7261C771E811DBA4
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000000B.00000002.2081555260.0000000000401000.00000020.00000001.01000000.00000013.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081540884.0000000000400000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081574053.0000000000414000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081589581.0000000000418000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081604105.000000000041B000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_400000_Opera_GX_assistant_73.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: H_prolog
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID: 3519838083-0
                                                                                                                                                                                    • Opcode ID: b310e02a71b0e9b0f57c8ff350f317a12e9997ed6537326e98dc413991563931
                                                                                                                                                                                    • Instruction ID: 6846990a0b7c700b0e564570ba35e58a51d6e24bd287ea03595f4ec4833d5ae3
                                                                                                                                                                                    • Opcode Fuzzy Hash: b310e02a71b0e9b0f57c8ff350f317a12e9997ed6537326e98dc413991563931
                                                                                                                                                                                    • Instruction Fuzzy Hash: 2521B530700209ABCB24EFA5D855BAE7774AF40308F10443EF41ABB691DB38ED09CB69
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000000B.00000002.2081555260.0000000000401000.00000020.00000001.01000000.00000013.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081540884.0000000000400000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081574053.0000000000414000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081589581.0000000000418000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081604105.000000000041B000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_400000_Opera_GX_assistant_73.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: ??3@
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID: 613200358-0
                                                                                                                                                                                    • Opcode ID: 739b35a5791073f7d0c553ccc943c663e6bc7fd8b43405849e4dba405c2372ff
                                                                                                                                                                                    • Instruction ID: 7840a2ccd5a960e93a6d95847f56d5fff308d56e59930d1c0d757fa52b2cbb73
                                                                                                                                                                                    • Opcode Fuzzy Hash: 739b35a5791073f7d0c553ccc943c663e6bc7fd8b43405849e4dba405c2372ff
                                                                                                                                                                                    • Instruction Fuzzy Hash: 2BF09072A1010CBBDB11AF59C8818AEB3ACEF81364700803BFD09AB341D679ED0587A4
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • SetFileAttributesW.KERNELBASE(?,?), ref: 004012C2
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000000B.00000002.2081555260.0000000000401000.00000020.00000001.01000000.00000013.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081540884.0000000000400000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081574053.0000000000414000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081589581.0000000000418000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081604105.000000000041B000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_400000_Opera_GX_assistant_73.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: AttributesFile
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID: 3188754299-0
                                                                                                                                                                                    • Opcode ID: 99bbeda3998a939772efb656e1c99ec3b49f936e01c00e27716b5450bac36e45
                                                                                                                                                                                    • Instruction ID: 8804b63aef8d5166b786aa1d470143da4cafa9e74bcb3062b324a687b6a94c0e
                                                                                                                                                                                    • Opcode Fuzzy Hash: 99bbeda3998a939772efb656e1c99ec3b49f936e01c00e27716b5450bac36e45
                                                                                                                                                                                    • Instruction Fuzzy Hash: 1FF05832100602EFD720ABA9D840AA7B7F5BB94311F04892EE586F26E0D738A885CB55
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                      • Part of subcall function 0040BE4B: FindCloseChangeNotification.KERNELBASE(00418818,?,0040BF27,00000000,?,0040BF6F,00405C0F,80000000,?,?,?,0040BF91,?,00418818,00000003,00000080), ref: 0040BE56
                                                                                                                                                                                    • CreateFileW.KERNELBASE(00418818,00000000,?,00000000,00405C0F,00000000,00000000,00000000,?,0040BF6F,00405C0F,80000000,?,?,?,0040BF91), ref: 0040BF3E
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000000B.00000002.2081555260.0000000000401000.00000020.00000001.01000000.00000013.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081540884.0000000000400000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081574053.0000000000414000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081589581.0000000000418000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081604105.000000000041B000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_400000_Opera_GX_assistant_73.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: ChangeCloseCreateFileFindNotification
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID: 727422849-0
                                                                                                                                                                                    • Opcode ID: 8d75af9a6c217c950491c3631b52d086b6a135f3c5a9e976b3a65ef09916f851
                                                                                                                                                                                    • Instruction ID: 90411d92f9d8fc56c138e00aa788ce8dd8e9066487309eaec17cc9a92b37b09c
                                                                                                                                                                                    • Opcode Fuzzy Hash: 8d75af9a6c217c950491c3631b52d086b6a135f3c5a9e976b3a65ef09916f851
                                                                                                                                                                                    • Instruction Fuzzy Hash: 0EE04F360002196BCF215F649C01BCA3B95AF09360F104126BB24A61E0C772D465AB9C
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • WriteFile.KERNELBASE(?,?,00000001,00000000,00000000,?,?,0040C67B,00000001,00418818,00418818,0041449C,?,004055C8,?,?), ref: 0040C080
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000000B.00000002.2081555260.0000000000401000.00000020.00000001.01000000.00000013.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081540884.0000000000400000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081574053.0000000000414000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081589581.0000000000418000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081604105.000000000041B000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_400000_Opera_GX_assistant_73.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: FileWrite
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID: 3934441357-0
                                                                                                                                                                                    • Opcode ID: f87172bd460ca3b54a79ebd290cb322ba78c3867cc27832738d70ce0c19e6544
                                                                                                                                                                                    • Instruction ID: b8ac05db2d4a94fa31fca8da97501392d380f31373f02cc2359ce7771c6d952e
                                                                                                                                                                                    • Opcode Fuzzy Hash: f87172bd460ca3b54a79ebd290cb322ba78c3867cc27832738d70ce0c19e6544
                                                                                                                                                                                    • Instruction Fuzzy Hash: 5BE03234640208FFCB00CFA0C800B8E3BB9AB08714F20C028F8189A2A0C3399A10EF14
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000000B.00000002.2081555260.0000000000401000.00000020.00000001.01000000.00000013.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081540884.0000000000400000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081574053.0000000000414000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081589581.0000000000418000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081604105.000000000041B000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_400000_Opera_GX_assistant_73.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: _beginthreadex
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID: 3014514943-0
                                                                                                                                                                                    • Opcode ID: b45036c3ba1d8840ed147fa51aa3b54808154657542cc12759115a57a724e90e
                                                                                                                                                                                    • Instruction ID: 247003c3cbeddfb2b625e3bdb8727c8b4f2641553652fddb98de5e4cb0adc6ee
                                                                                                                                                                                    • Opcode Fuzzy Hash: b45036c3ba1d8840ed147fa51aa3b54808154657542cc12759115a57a724e90e
                                                                                                                                                                                    • Instruction Fuzzy Hash: 4AD05EF6900208BFCF01EFE0CC05CEB3BADEF08244B008464BD05C2110E672DA109BB0
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000000B.00000002.2081555260.0000000000401000.00000020.00000001.01000000.00000013.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081540884.0000000000400000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081574053.0000000000414000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081589581.0000000000418000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081604105.000000000041B000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_400000_Opera_GX_assistant_73.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: H_prolog
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID: 3519838083-0
                                                                                                                                                                                    • Opcode ID: 79dd5a53ceaa10d323906d6c4c09a067708a8351cba9fff8f600675c26666cc2
                                                                                                                                                                                    • Instruction ID: 72e6a8a8c5ad423b706d1c8477e98d2bf6fe7c2d1236b40809de9acfe940e46e
                                                                                                                                                                                    • Opcode Fuzzy Hash: 79dd5a53ceaa10d323906d6c4c09a067708a8351cba9fff8f600675c26666cc2
                                                                                                                                                                                    • Instruction Fuzzy Hash: 54D05B72A00114ABD7159F85DD05BDEFB78EF81359F10816FF10151110D3BD6A41856D
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • ReadFile.KERNELBASE(?,?,?,00000000,00000000), ref: 0040BFB8
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000000B.00000002.2081555260.0000000000401000.00000020.00000001.01000000.00000013.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081540884.0000000000400000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081574053.0000000000414000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081589581.0000000000418000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081604105.000000000041B000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_400000_Opera_GX_assistant_73.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: FileRead
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID: 2738559852-0
                                                                                                                                                                                    • Opcode ID: e9757d328d643c7454ad56557c4d9905e5ed03d7027cc49797d163fdbd19fd89
                                                                                                                                                                                    • Instruction ID: 6600978e9b0ccbf498a810640cc831596d613c388fbe18220f7993c6c269e9fc
                                                                                                                                                                                    • Opcode Fuzzy Hash: e9757d328d643c7454ad56557c4d9905e5ed03d7027cc49797d163fdbd19fd89
                                                                                                                                                                                    • Instruction Fuzzy Hash: FFE0EC75200208FFDB01CF91CD01FDE7BBEEB49754F208068EA0596160C7759A10EB54
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

APIs
• FindCloseChangeNotification.KERNELBASE(00418818,?,0040BF27,00000000,?,0040BF6F,00405C0F,80000000,?,?,?,0040BF91,?,00418818,00000003,00000080), ref: 0040BE56
Memory Dump Source
• Source File: 0000000B.00000002.2081555260.0000000000401000.00000020.00000001.01000000.00000013.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000000B.00000002.2081540884.0000000000400000.00000002.00000001.01000000.00000013.sdmp
• Associated: 0000000B.00000002.2081574053.0000000000414000.00000002.00000001.01000000.00000013.sdmp
• Associated: 0000000B.00000002.2081589581.0000000000418000.00000004.00000001.01000000.00000013.sdmp
• Associated: 0000000B.00000002.2081604105.000000000041B000.00000002.00000001.01000000.00000013.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_400000_Opera_GX_assistant_73.jbxd
Similarity
• API ID: ChangeCloseFindNotification
• String ID:
• API String ID: 2591292051-0
• Opcode ID: d75d5fc0baf4f2939d0adfdd415025799ab6c32361fdd26dbcb1c09c5b554eea
• Instruction ID: be21f2d7e2f065a1e4cf32b2320b5ecc72b3a54c58d665c0bd3e5472e34ca940
• Opcode Fuzzy Hash: d75d5fc0baf4f2939d0adfdd415025799ab6c32361fdd26dbcb1c09c5b554eea
• Instruction Fuzzy Hash: F9D0123160422146CE741E3CB8445D337D89E46374321476BF5B5E32F0D3748C8346D8
Uniqueness

Uniqueness Score: -1.00%

APIs
Memory Dump Source
• Source File: 0000000B.00000002.2081555260.0000000000401000.00000020.00000001.01000000.00000013.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000000B.00000002.2081540884.0000000000400000.00000002.00000001.01000000.00000013.sdmp
• Associated: 0000000B.00000002.2081574053.0000000000414000.00000002.00000001.01000000.00000013.sdmp
• Associated: 0000000B.00000002.2081589581.0000000000418000.00000004.00000001.01000000.00000013.sdmp
• Associated: 0000000B.00000002.2081604105.000000000041B000.00000002.00000001.01000000.00000013.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_400000_Opera_GX_assistant_73.jbxd
Similarity
• API ID: ??3@
• String ID:
• API String ID: 613200358-0
• Opcode ID: 506673dd77341df6c5768a5f5f3ea4a77a33aa6e97ab1c6709151e78463dc1fd
• Instruction ID: c4445dddb8df63c2b97e31c366ac33767061a7d55bbc9a7be8a678ca5c462557
• Opcode Fuzzy Hash: 506673dd77341df6c5768a5f5f3ea4a77a33aa6e97ab1c6709151e78463dc1fd
• Instruction Fuzzy Hash: 4ED05E72414B00CFD3246F11E40579377D0AB1033BF21CA5F905A158D1C7BDA481AA88
Uniqueness

Uniqueness Score: -1.00%

APIs
• SetFileTime.KERNELBASE(?,?,?,?,0040C05A,00000000,00000000,?,004012AF,?), ref: 0040C03E
Memory Dump Source
• Source File: 0000000B.00000002.2081555260.0000000000401000.00000020.00000001.01000000.00000013.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000000B.00000002.2081540884.0000000000400000.00000002.00000001.01000000.00000013.sdmp
• Associated: 0000000B.00000002.2081574053.0000000000414000.00000002.00000001.01000000.00000013.sdmp
• Associated: 0000000B.00000002.2081589581.0000000000418000.00000004.00000001.01000000.00000013.sdmp
• Associated: 0000000B.00000002.2081604105.000000000041B000.00000002.00000001.01000000.00000013.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_400000_Opera_GX_assistant_73.jbxd
Similarity
• API ID: FileTime
• String ID:
• API String ID: 1425588814-0
• Opcode ID: c0e5e33048760219d2a04593f2bb40d099f123eabf13ff9ad38c69bb38ccd200
• Instruction ID: ea010d3a690561246fe19a690d3fd65df6325dae63f8daef288d6a2187e6b862
• Opcode Fuzzy Hash: c0e5e33048760219d2a04593f2bb40d099f123eabf13ff9ad38c69bb38ccd200
• Instruction Fuzzy Hash: AEC04C3A158105FFCF020FB0CC04C1ABFA2AB99311F10C918B259C5070C7328024EB02
Uniqueness

Uniqueness Score: -1.00%

APIs
Memory Dump Source
• Source File: 0000000B.00000002.2081555260.0000000000401000.00000020.00000001.01000000.00000013.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000000B.00000002.2081540884.0000000000400000.00000002.00000001.01000000.00000013.sdmp
• Associated: 0000000B.00000002.2081574053.0000000000414000.00000002.00000001.01000000.00000013.sdmp
• Associated: 0000000B.00000002.2081589581.0000000000418000.00000004.00000001.01000000.00000013.sdmp
• Associated: 0000000B.00000002.2081604105.000000000041B000.00000002.00000001.01000000.00000013.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_400000_Opera_GX_assistant_73.jbxd
Similarity
• API ID: memmove
• String ID:
• API String ID: 2162964266-0
• Opcode ID: 629220965c6bd2db472e7962868e1e1f545117e5f950cd86d21845d398ffb971
• Instruction ID: a4b432defa2f872f2e946a78cf9859ae6dceab650c9b954c79c80a890c02e361
• Opcode Fuzzy Hash: 629220965c6bd2db472e7962868e1e1f545117e5f950cd86d21845d398ffb971
• Instruction Fuzzy Hash: 3B21E471A00B009FC720CF9AC88485BF7FAFF88724764892EE09A97A50E774BD45CB54
Uniqueness

Uniqueness Score: -1.00%

APIs
• _CxxThrowException.MSVCRT(?,00415FFC), ref: 0040CF19
Memory Dump Source
• Source File: 0000000B.00000002.2081555260.0000000000401000.00000020.00000001.01000000.00000013.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000000B.00000002.2081540884.0000000000400000.00000002.00000001.01000000.00000013.sdmp
• Associated: 0000000B.00000002.2081574053.0000000000414000.00000002.00000001.01000000.00000013.sdmp
• Associated: 0000000B.00000002.2081589581.0000000000418000.00000004.00000001.01000000.00000013.sdmp
• Associated: 0000000B.00000002.2081604105.000000000041B000.00000002.00000001.01000000.00000013.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_400000_Opera_GX_assistant_73.jbxd
Similarity
• API ID: ExceptionThrow
• String ID:
• API String ID: 432778473-0
• Opcode ID: c55205c91926b37fafed77e2ec1812a0d6aea0a5967d0921fad9188accd9e898
• Instruction ID: 6a5d6d8d1e5a2607387ff05ecddc3380d06d5443c211f61aaf30d4f4d0e37a27
• Opcode Fuzzy Hash: c55205c91926b37fafed77e2ec1812a0d6aea0a5967d0921fad9188accd9e898
• Instruction Fuzzy Hash: EB017171501701EFDB28CF69C845A9BBBF8EF453107144A6EA482D3641D374FA46CB90
Uniqueness

Uniqueness Score: -1.00%

APIs
Memory Dump Source
• Source File: 0000000B.00000002.2081555260.0000000000401000.00000020.00000001.01000000.00000013.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000000B.00000002.2081540884.0000000000400000.00000002.00000001.01000000.00000013.sdmp
• Associated: 0000000B.00000002.2081574053.0000000000414000.00000002.00000001.01000000.00000013.sdmp
• Associated: 0000000B.00000002.2081589581.0000000000418000.00000004.00000001.01000000.00000013.sdmp
• Associated: 0000000B.00000002.2081604105.000000000041B000.00000002.00000001.01000000.00000013.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_400000_Opera_GX_assistant_73.jbxd
Similarity
• API ID: ??2@
• String ID:
• API String ID: 1033339047-0
• Opcode ID: 7e063798c2ce49969361d9b7fe6375fdb1e7f17d00aa3dc22709233837362719
• Instruction ID: 9ef6f0e2e02f5eae2298eed2354599e037224ec6dfed32698a6da5f5f3818d78
• Opcode Fuzzy Hash: 7e063798c2ce49969361d9b7fe6375fdb1e7f17d00aa3dc22709233837362719
• Instruction Fuzzy Hash: E4D0A93570821016DA94A9720E42ABF09888F80361B00083FBC01F72C0EC7C8941429D
Uniqueness

Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • VirtualAlloc.KERNELBASE(00000000,?,00001000,00000004,0040CEBC,?,?,?,004096CF,?), ref: 00402781
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000000B.00000002.2081555260.0000000000401000.00000020.00000001.01000000.00000013.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081540884.0000000000400000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081574053.0000000000414000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081589581.0000000000418000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081604105.000000000041B000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_400000_Opera_GX_assistant_73.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: AllocVirtual
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID: 4275171209-0
                                                                                                                                                                                    • Opcode ID: c0747d2b54f00527e28e55407353a72f8354565475e3e521c76b3ccfb0f995d3
                                                                                                                                                                                    • Instruction ID: c8419c84987ab9f9043192ec71a1da35683a063982673f1d4b03f9dfb55d97bf
                                                                                                                                                                                    • Opcode Fuzzy Hash: c0747d2b54f00527e28e55407353a72f8354565475e3e521c76b3ccfb0f995d3
                                                                                                                                                                                    • Instruction Fuzzy Hash: DAC08C302483007AEE1517A08F0BF4A3662AB88B1AF40C429F384A50E0D7F58400B60D
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • VirtualFree.KERNELBASE(?,00000000,00008000,0040CE64,00000000,?,0040CEB3,?,?,004096CF,?), ref: 00401D38
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000000B.00000002.2081555260.0000000000401000.00000020.00000001.01000000.00000013.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081540884.0000000000400000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081574053.0000000000414000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081589581.0000000000418000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081604105.000000000041B000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_400000_Opera_GX_assistant_73.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: FreeVirtual
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID: 1263568516-0
                                                                                                                                                                                    • Opcode ID: 32a91dde98d5100741efe9c4c504ac7ef1165072957eb49c26da89f99dbc19d7
                                                                                                                                                                                    • Instruction ID: 52e13e518f9be9114dfd9f0dcb33d46b5f51ce713fe3f05cd2c94b9e5c1fb23c
                                                                                                                                                                                    • Opcode Fuzzy Hash: 32a91dde98d5100741efe9c4c504ac7ef1165072957eb49c26da89f99dbc19d7
                                                                                                                                                                                    • Instruction Fuzzy Hash: 6DB09230244300BEEF214B00DE0DB4A77A1AB90B01F20C928B198241F097B86844DA09
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • GetLastError.KERNEL32(00000000,00000020,-00000002), ref: 00402202
                                                                                                                                                                                    • wsprintfW.USER32 ref: 00402213
                                                                                                                                                                                    • GetEnvironmentVariableW.KERNEL32(?,00000000,00000000), ref: 00402228
                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 0040222D
                                                                                                                                                                                    • ??2@YAPAXI@Z.MSVCRT ref: 00402248
                                                                                                                                                                                    • GetEnvironmentVariableW.KERNEL32(?,00000000,00000004), ref: 0040225B
                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 00402262
                                                                                                                                                                                    • lstrcmpiW.KERNEL32(00000000,00404955), ref: 00402277
                                                                                                                                                                                    • ??3@YAXPAX@Z.MSVCRT ref: 00402287
                                                                                                                                                                                    • ??3@YAXPAX@Z.MSVCRT ref: 004022A5
                                                                                                                                                                                    • SetLastError.KERNEL32(?), ref: 004022AE
                                                                                                                                                                                    • lstrlenA.KERNEL32(00415208), ref: 004022E2
                                                                                                                                                                                    • ??2@YAPAXI@Z.MSVCRT ref: 004022FD
                                                                                                                                                                                    • GetLocaleInfoW.KERNEL32(?,00001004,?,0000001F), ref: 0040232F
                                                                                                                                                                                    • _wtol.MSVCRT(?), ref: 00402340
                                                                                                                                                                                    • MultiByteToWideChar.KERNEL32(00000000,00415208,00000001,00000000,00000002), ref: 00402360
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000000B.00000002.2081555260.0000000000401000.00000020.00000001.01000000.00000013.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081540884.0000000000400000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081574053.0000000000414000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081589581.0000000000418000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081604105.000000000041B000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_400000_Opera_GX_assistant_73.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: ErrorLast$??2@??3@EnvironmentVariable$ByteCharInfoLocaleMultiWide_wtollstrcmpilstrlenwsprintf
                                                                                                                                                                                    • String ID: 7zSfxString%d
                                                                                                                                                                                    • API String ID: 2117570002-3906403175
                                                                                                                                                                                    • Opcode ID: 4d436d2356ec1d6afd67432b73a979a7ff3af9b986a46af683d9cf0246848532
                                                                                                                                                                                    • Instruction ID: 3ab846e255d67cb18ffe3ad7b55f1665823b4c0101406b52f8400e9fffcfb60b
                                                                                                                                                                                    • Opcode Fuzzy Hash: 4d436d2356ec1d6afd67432b73a979a7ff3af9b986a46af683d9cf0246848532
                                                                                                                                                                                    • Instruction Fuzzy Hash: B951D571A00208EFCB109FB4DD49ADA7BB8FB49300B11447FE506E72D0DB78A994CB28
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • GetModuleHandleW.KERNEL32(00000000), ref: 00401E00
                                                                                                                                                                                    • FindResourceExA.KERNEL32(00000000,?,?,00000000), ref: 00401E1D
                                                                                                                                                                                    • FindResourceExA.KERNEL32(00000000,?,?,00000409), ref: 00401E31
                                                                                                                                                                                    • SizeofResource.KERNEL32(00000000,00000000), ref: 00401E42
                                                                                                                                                                                    • LoadResource.KERNEL32(00000000,00000000), ref: 00401E4C
                                                                                                                                                                                    • LockResource.KERNEL32(00000000), ref: 00401E57
                                                                                                                                                                                    • LoadLibraryA.KERNEL32(kernel32,SetProcessPreferredUILanguages), ref: 00401E83
                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000), ref: 00401E8C
                                                                                                                                                                                    • wsprintfW.USER32 ref: 00401EAB
                                                                                                                                                                                    • LoadLibraryA.KERNEL32(kernel32,SetThreadPreferredUILanguages), ref: 00401EC0
                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000), ref: 00401EC3
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000000B.00000002.2081555260.0000000000401000.00000020.00000001.01000000.00000013.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081540884.0000000000400000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081574053.0000000000414000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081589581.0000000000418000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081604105.000000000041B000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_400000_Opera_GX_assistant_73.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: Resource$Load$AddressFindLibraryProc$HandleLockModuleSizeofwsprintf
                                                                                                                                                                                    • String ID: %04X%c%04X%c$SetProcessPreferredUILanguages$SetThreadPreferredUILanguages$kernel32
                                                                                                                                                                                    • API String ID: 2639302590-365843014
                                                                                                                                                                                    • Opcode ID: f3b181bdb1dd7712d2262e78495c99b7539d7d08376e29593b7b35a4ee752d35
                                                                                                                                                                                    • Instruction ID: 0bae6d538d88249feec22e70dee6e974a297163e78d6f1732f828fb100938c5a
                                                                                                                                                                                    • Opcode Fuzzy Hash: f3b181bdb1dd7712d2262e78495c99b7539d7d08376e29593b7b35a4ee752d35
                                                                                                                                                                                    • Instruction Fuzzy Hash: E02151B5940308BBDB119BA5DC08FDF3AADEB84715F158036FA05A7291DB78D940CBA8
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • wvsprintfW.USER32(?,00000000,?), ref: 00408DF6
                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 00408E07
                                                                                                                                                                                    • FormatMessageW.KERNEL32(00001100,00000000,00000000,?,?,00000000,00406BA8), ref: 00408E2F
                                                                                                                                                                                    • FormatMessageW.KERNEL32(00001100,00000000,?,00000000,?,00000000,00406BA8), ref: 00408E44
                                                                                                                                                                                    • lstrlenW.KERNEL32(?), ref: 00408E57
                                                                                                                                                                                    • lstrlenW.KERNEL32(?), ref: 00408E5E
                                                                                                                                                                                    • ??2@YAPAXI@Z.MSVCRT ref: 00408E73
                                                                                                                                                                                    • lstrcpyW.KERNEL32(00000000,?), ref: 00408E89
                                                                                                                                                                                    • lstrcpyW.KERNEL32(-00000002,?), ref: 00408E9A
                                                                                                                                                                                    • ??3@YAXPAX@Z.MSVCRT ref: 00408EA3
                                                                                                                                                                                    • LocalFree.KERNEL32(?), ref: 00408EAD
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000000B.00000002.2081555260.0000000000401000.00000020.00000001.01000000.00000013.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081540884.0000000000400000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081574053.0000000000414000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081589581.0000000000418000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081604105.000000000041B000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_400000_Opera_GX_assistant_73.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: FormatMessagelstrcpylstrlen$??2@??3@ErrorFreeLastLocalwvsprintf
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID: 829399097-0
                                                                                                                                                                                    • Opcode ID: f8b571cf12f2142ed93ce3a343f707ef736bd3d350d96661a320894885632500
                                                                                                                                                                                    • Instruction ID: 430b742eb51bd6d908813ed9783ba86da6981bd96c63e5e907f370e205208e14
                                                                                                                                                                                    • Opcode Fuzzy Hash: f8b571cf12f2142ed93ce3a343f707ef736bd3d350d96661a320894885632500
                                                                                                                                                                                    • Instruction Fuzzy Hash: B6218176900118BFDB149FA1DD85DEB3BBCFB48354B10407AFA45D6190EF34AA848BA4
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • FindFirstFileW.KERNEL32(?,?,004145D0,?,?,?,00000000), ref: 00402F41
                                                                                                                                                                                    • lstrcmpW.KERNEL32(?,004145CC,?,0000005C,?,?,?,00000000), ref: 00402F94
                                                                                                                                                                                    • lstrcmpW.KERNEL32(?,004145C4,?,?,00000000), ref: 00402FAA
                                                                                                                                                                                    • SetFileAttributesW.KERNEL32(?,00000000,?,0000005C,?,?,?,00000000), ref: 00402FC0
                                                                                                                                                                                    • DeleteFileW.KERNEL32(?,?,?,00000000), ref: 00402FC7
                                                                                                                                                                                    • FindNextFileW.KERNEL32(00000000,00000010,?,?,00000000), ref: 00402FD9
                                                                                                                                                                                    • FindClose.KERNEL32(00000000,?,?,00000000), ref: 00402FE8
                                                                                                                                                                                    • SetFileAttributesW.KERNEL32(?,00000000,?,?,00000000), ref: 00402FF3
                                                                                                                                                                                    • RemoveDirectoryW.KERNEL32(?,?,?,00000000), ref: 00402FFC
                                                                                                                                                                                    • ??3@YAXPAX@Z.MSVCRT ref: 00403007
                                                                                                                                                                                    • ??3@YAXPAX@Z.MSVCRT ref: 00403012
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000000B.00000002.2081555260.0000000000401000.00000020.00000001.01000000.00000013.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081540884.0000000000400000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081574053.0000000000414000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081589581.0000000000418000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081604105.000000000041B000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_400000_Opera_GX_assistant_73.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: File$Find$??3@Attributeslstrcmp$CloseDeleteDirectoryFirstNextRemove
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID: 1862581289-0
                                                                                                                                                                                    • Opcode ID: 0393c84bcc337a163d12bb9984b23ba9f13974d14f737d5466da6d7640f8d65a
                                                                                                                                                                                    • Instruction ID: cb1819d8829f3ea853b928feda35cb2472adc35407fd345360bfd53aaca0e622
                                                                                                                                                                                    • Opcode Fuzzy Hash: 0393c84bcc337a163d12bb9984b23ba9f13974d14f737d5466da6d7640f8d65a
                                                                                                                                                                                    • Instruction Fuzzy Hash: 55218030600219BADB20AF61DD8DEEE3B7C9F94745F10407AF905F20D1EB789A859A68
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • GetCurrentThreadId.KERNEL32 ref: 00408662
                                                                                                                                                                                    • SetWindowsHookExW.USER32(00000007,Function_00008589,00000000,00000000), ref: 0040866D
                                                                                                                                                                                    • GetCurrentThreadId.KERNEL32 ref: 0040867C
                                                                                                                                                                                    • SetWindowsHookExW.USER32(00000002,Function_00008615,00000000,00000000), ref: 00408687
                                                                                                                                                                                    • EndDialog.USER32(?,00000000), ref: 004086AD
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000000B.00000002.2081555260.0000000000401000.00000020.00000001.01000000.00000013.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081540884.0000000000400000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081574053.0000000000414000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081589581.0000000000418000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081604105.000000000041B000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_400000_Opera_GX_assistant_73.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: CurrentHookThreadWindows$Dialog
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID: 1967849563-0
                                                                                                                                                                                    • Opcode ID: a0805c3b6262eedc2856a77b882f8b22c7f0eb3195d906f6a4b2a32eeb2a9efd
                                                                                                                                                                                    • Instruction ID: 75cd9ee5bc6f61fe2cb81be21b4fd125b80c6fdd5fd3af93018a39c96244cffa
                                                                                                                                                                                    • Opcode Fuzzy Hash: a0805c3b6262eedc2856a77b882f8b22c7f0eb3195d906f6a4b2a32eeb2a9efd
                                                                                                                                                                                    • Instruction Fuzzy Hash: 5B01DBB1201218DFC2106B56EE84972F7ECE7943A6756443FEA4591160CEB79840CB68
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • AllocateAndInitializeSid.ADVAPI32(00406061,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,0000000A,-00000008,00406061,?,00000000,0000000A), ref: 004024B3
                                                                                                                                                                                    • CheckTokenMembership.ADVAPI32(00000000,?,?), ref: 004024C5
                                                                                                                                                                                    • FreeSid.ADVAPI32(?), ref: 004024CE
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000000B.00000002.2081555260.0000000000401000.00000020.00000001.01000000.00000013.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081540884.0000000000400000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081574053.0000000000414000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081589581.0000000000418000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081604105.000000000041B000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_400000_Opera_GX_assistant_73.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: AllocateCheckFreeInitializeMembershipToken
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID: 3429775523-0
                                                                                                                                                                                    • Opcode ID: f95902cbba3d6f605503444b4f1013812362749f131f83053839915cbbdee454
                                                                                                                                                                                    • Instruction ID: 2f4618e6ceb2729e5ce81d0b7ff02b8ca2855782c3c39cce86a1747ea6c70431
                                                                                                                                                                                    • Opcode Fuzzy Hash: f95902cbba3d6f605503444b4f1013812362749f131f83053839915cbbdee454
                                                                                                                                                                                    • Instruction Fuzzy Hash: AAF03C72944288FEDB01DBE99D85ADEBF7CAB18300F4480AAA201A3182D2705704CB29
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • GetCommandLineW.KERNEL32(?,?,?), ref: 0040508E
                                                                                                                                                                                    • ??3@YAXPAX@Z.MSVCRT ref: 00405151
                                                                                                                                                                                    • ??3@YAXPAX@Z.MSVCRT ref: 00405159
                                                                                                                                                                                    • ??3@YAXPAX@Z.MSVCRT ref: 00405161
                                                                                                                                                                                    • ??3@YAXPAX@Z.MSVCRT ref: 00405169
                                                                                                                                                                                    • ??3@YAXPAX@Z.MSVCRT ref: 00405171
                                                                                                                                                                                    • ??3@YAXPAX@Z.MSVCRT ref: 00405179
                                                                                                                                                                                    • ??3@YAXPAX@Z.MSVCRT ref: 00405181
                                                                                                                                                                                    • ??3@YAXPAX@Z.MSVCRT ref: 00405189
                                                                                                                                                                                    • ??3@YAXPAX@Z.MSVCRT ref: 00405191
                                                                                                                                                                                    • ??3@YAXPAX@Z.MSVCRT ref: 00405199
                                                                                                                                                                                    • GetStartupInfoW.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000), ref: 004051B2
                                                                                                                                                                                    • CreateProcessW.KERNEL32(00000000,?,00000000,00000000,00000001,01000004,00000000,00000044,?), ref: 004051D9
                                                                                                                                                                                    • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,00000000), ref: 004051E3
                                                                                                                                                                                    • ??3@YAXPAX@Z.MSVCRT ref: 004051EE
                                                                                                                                                                                    • ??3@YAXPAX@Z.MSVCRT ref: 004051F6
                                                                                                                                                                                    • CreateJobObjectW.KERNEL32(00000000,00000000), ref: 0040520B
                                                                                                                                                                                    • AssignProcessToJobObject.KERNEL32(00000000,?), ref: 00405222
                                                                                                                                                                                    • CreateIoCompletionPort.KERNEL32(000000FF,00000000,00000001,00000000,?,?,?,?,?,?,?,?,?,00000000), ref: 00405232
                                                                                                                                                                                    • SetInformationJobObject.KERNEL32(?,00000007,?,00000008), ref: 00405253
                                                                                                                                                                                    • ResumeThread.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000), ref: 0040525C
                                                                                                                                                                                    • GetQueuedCompletionStatus.KERNEL32(00000000,?,?,?,000000FF,?,?,?,?,?,?,?,?,?,00000000), ref: 0040527B
                                                                                                                                                                                    • ResumeThread.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000), ref: 00405284
                                                                                                                                                                                    • WaitForSingleObject.KERNEL32(?,000000FF,?,?,?,?,?,?,?,?,?,00000000), ref: 0040528B
                                                                                                                                                                                    • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000), ref: 0040529A
                                                                                                                                                                                    • GetExitCodeProcess.KERNEL32(?,?), ref: 004052A3
                                                                                                                                                                                    • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,00000000), ref: 004052AE
                                                                                                                                                                                    • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,00000000), ref: 004052BA
                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000,?,?,?,?,?,?,?,?,00000000), ref: 004052C1
                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000,?,?,?,?,?,?,?,?,00000000), ref: 004052CC
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000000B.00000002.2081555260.0000000000401000.00000020.00000001.01000000.00000013.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081540884.0000000000400000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081574053.0000000000414000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081589581.0000000000418000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081604105.000000000041B000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_400000_Opera_GX_assistant_73.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: ??3@$CloseHandleObject$CreateProcess$CompletionErrorLastResumeThread$AssignCodeCommandExitInfoInformationLinePortQueuedSingleStartupStatusWait
                                                                                                                                                                                    • String ID: " -$sfxwaitall
                                                                                                                                                                                    • API String ID: 2734624574-3991362806
                                                                                                                                                                                    • Opcode ID: 6c878980874e97d60afc73b64ceb1c7c2be65b034dc70558c8d8210e514a4f6e
                                                                                                                                                                                    • Instruction ID: 7f61a69da49000c65074572d1fe98706f6aedafc1cd57d8e6ee043ebd50c0a44
                                                                                                                                                                                    • Opcode Fuzzy Hash: 6c878980874e97d60afc73b64ceb1c7c2be65b034dc70558c8d8210e514a4f6e
                                                                                                                                                                                    • Instruction Fuzzy Hash: 22615EB2800108BBDF11AFA1DD46EDF3B6CFF48314F04453AFA15F21A1EA7999548B68
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • _wtol.MSVCRT(AW@,00000000,004187DC), ref: 004038AE
                                                                                                                                                                                    • SHGetSpecialFolderPathW.SHELL32(00000000,?,?,00000000,004187E8,00000000,004187DC), ref: 00403951
                                                                                                                                                                                    • ??3@YAXPAX@Z.MSVCRT ref: 004039C2
                                                                                                                                                                                    • ??3@YAXPAX@Z.MSVCRT ref: 004039CA
                                                                                                                                                                                    • ??3@YAXPAX@Z.MSVCRT ref: 004039D2
                                                                                                                                                                                    • ??3@YAXPAX@Z.MSVCRT ref: 004039DA
                                                                                                                                                                                    • ??3@YAXPAX@Z.MSVCRT ref: 004039E2
                                                                                                                                                                                    • ??3@YAXPAX@Z.MSVCRT ref: 004039EA
                                                                                                                                                                                    • ??3@YAXPAX@Z.MSVCRT ref: 004039F2
                                                                                                                                                                                    • _wtol.MSVCRT(?,00000000,?,00000000,?,00000000,?,00000000,?,00000000,?,00000000,?,00000000,?,?), ref: 00403A48
                                                                                                                                                                                    • CoCreateInstance.OLE32(00415E24,00000000,00000001,00415DE4,AW@,.lnk,?,0000005C), ref: 00403AE9
                                                                                                                                                                                    • ??3@YAXPAX@Z.MSVCRT ref: 00403B81
                                                                                                                                                                                    • ??3@YAXPAX@Z.MSVCRT ref: 00403B89
                                                                                                                                                                                    • ??3@YAXPAX@Z.MSVCRT ref: 00403B91
                                                                                                                                                                                    • ??3@YAXPAX@Z.MSVCRT ref: 00403B99
                                                                                                                                                                                    • ??3@YAXPAX@Z.MSVCRT ref: 00403BA1
                                                                                                                                                                                    • ??3@YAXPAX@Z.MSVCRT ref: 00403BA9
                                                                                                                                                                                    • ??3@YAXPAX@Z.MSVCRT ref: 00403BB1
                                                                                                                                                                                    • ??3@YAXPAX@Z.MSVCRT ref: 00403BB7
                                                                                                                                                                                    • ??3@YAXPAX@Z.MSVCRT ref: 00403BBF
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000000B.00000002.2081555260.0000000000401000.00000020.00000001.01000000.00000013.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081540884.0000000000400000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081574053.0000000000414000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081589581.0000000000418000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081604105.000000000041B000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_400000_Opera_GX_assistant_73.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: ??3@$_wtol$CreateFolderInstancePathSpecial
                                                                                                                                                                                    • String ID: .lnk$AW@
                                                                                                                                                                                    • API String ID: 408529070-3304780919
                                                                                                                                                                                    • Opcode ID: 33a177fc728b9fb2766538f2a45a39d6c149278c2708d1387966b2df1fde6a94
                                                                                                                                                                                    • Instruction ID: ac1975162933dc708b18ff6028a348059c12a5eb5a94371c916586bd2bb8d11a
                                                                                                                                                                                    • Opcode Fuzzy Hash: 33a177fc728b9fb2766538f2a45a39d6c149278c2708d1387966b2df1fde6a94
                                                                                                                                                                                    • Instruction Fuzzy Hash: 64A18F75810209ABDF14EFA1CD46DEEBB78FF54309F50442EF412B61A1DB78AA85CB18
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • GetDriveTypeW.KERNEL32(?,?,00000000), ref: 0040537A
                                                                                                                                                                                    • CreateFileW.KERNEL32(?,40000000,00000000,00000000,00000002,00000080,00000000), ref: 004053AB
                                                                                                                                                                                    • WriteFile.KERNEL32(00418818,?,?,00406D34,00000000,del ",:Repeat,00000000), ref: 00405460
                                                                                                                                                                                    • ??3@YAXPAX@Z.MSVCRT ref: 0040546B
                                                                                                                                                                                    • CloseHandle.KERNEL32(00418818), ref: 00405474
                                                                                                                                                                                    • SetFileAttributesW.KERNEL32(00406D34,00000000), ref: 0040548B
                                                                                                                                                                                    • ShellExecuteW.SHELL32(00000000,open,?,00000000,00000000,00000000), ref: 0040549D
                                                                                                                                                                                    • ??3@YAXPAX@Z.MSVCRT ref: 004054A6
                                                                                                                                                                                    • ??3@YAXPAX@Z.MSVCRT ref: 004054B2
                                                                                                                                                                                    • ??3@YAXPAX@Z.MSVCRT ref: 004054B8
                                                                                                                                                                                    • ??3@YAXPAX@Z.MSVCRT ref: 004054E6
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000000B.00000002.2081555260.0000000000401000.00000020.00000001.01000000.00000013.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081540884.0000000000400000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081574053.0000000000414000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081589581.0000000000418000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081604105.000000000041B000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_400000_Opera_GX_assistant_73.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: ??3@$File$AttributesCloseCreateDriveExecuteHandleShellTypeWrite
                                                                                                                                                                                    • String ID: "$" goto Repeat$7ZSfx%03x.cmd$:Repeat$del "$if exist "$open
                                                                                                                                                                                    • API String ID: 3007203151-3467708659
                                                                                                                                                                                    • Opcode ID: a1f0e469e149a7707563f22400a512ad791da98604579a738b29f2e7a1cb8d31
                                                                                                                                                                                    • Instruction ID: dd19172183314f13989176bb75b485d2f6e39d8bd015fd44596edd7a76c33576
                                                                                                                                                                                    • Opcode Fuzzy Hash: a1f0e469e149a7707563f22400a512ad791da98604579a738b29f2e7a1cb8d31
                                                                                                                                                                                    • Instruction Fuzzy Hash: 92413D71800109EADB10AF91DD86EEFBB79EF04358F10853AF511B60E1DB786E85CB68
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • GetClassNameA.USER32(?,?,00000040), ref: 0040316C
                                                                                                                                                                                    • lstrcmpiA.KERNEL32(?,STATIC), ref: 0040317F
                                                                                                                                                                                    • GetWindowLongW.USER32(?,000000F0), ref: 0040318C
                                                                                                                                                                                      • Part of subcall function 00403116: GetWindowTextLengthW.USER32(?), ref: 00403127
                                                                                                                                                                                      • Part of subcall function 00403116: GetWindowTextW.USER32(004031A0,00000000,00000001), ref: 00403144
                                                                                                                                                                                    • ??3@YAXPAX@Z.MSVCRT ref: 004031B9
                                                                                                                                                                                    • GetParent.USER32(?), ref: 004031C7
                                                                                                                                                                                    • LoadLibraryA.KERNEL32(riched20), ref: 004031DB
                                                                                                                                                                                    • GetMenu.USER32(?), ref: 004031EE
                                                                                                                                                                                    • SetThreadLocale.KERNEL32(00000419), ref: 004031FB
                                                                                                                                                                                    • CreateWindowExW.USER32(00000000,RichEdit20W,004144C8,50000804,?,?,?,?,?,00000000,00000000,00000000), ref: 0040322B
                                                                                                                                                                                    • DestroyWindow.USER32(?), ref: 0040323C
                                                                                                                                                                                    • SendMessageW.USER32(00000000,00000459,00000022,00000000), ref: 00403251
                                                                                                                                                                                    • GetSysColor.USER32(0000000F), ref: 00403255
                                                                                                                                                                                    • SendMessageW.USER32(00000000,00000443,00000000,00000000), ref: 00403263
                                                                                                                                                                                    • SendMessageW.USER32(00000000,00000461,?,?), ref: 0040328E
                                                                                                                                                                                    • ??3@YAXPAX@Z.MSVCRT ref: 00403293
                                                                                                                                                                                    • ??3@YAXPAX@Z.MSVCRT ref: 0040329B
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000000B.00000002.2081555260.0000000000401000.00000020.00000001.01000000.00000013.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081540884.0000000000400000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081574053.0000000000414000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081589581.0000000000418000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081604105.000000000041B000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_400000_Opera_GX_assistant_73.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: Window$??3@MessageSend$Text$ClassColorCreateDestroyLengthLibraryLoadLocaleLongMenuNameParentThreadlstrcmpi
                                                                                                                                                                                    • String ID: RichEdit20W$STATIC$riched20${\rtf
                                                                                                                                                                                    • API String ID: 3514532227-2281146334
                                                                                                                                                                                    • Opcode ID: 85e30b137fbc782f6badd955efe1c666e4902aa5b1f98644ef8ad62f4b2dde7f
                                                                                                                                                                                    • Instruction ID: f87ecbe388e0223389a063f86bd1e1dddf67b0c51ef4acd7a43fb054af45fbac
                                                                                                                                                                                    • Opcode Fuzzy Hash: 85e30b137fbc782f6badd955efe1c666e4902aa5b1f98644ef8ad62f4b2dde7f
                                                                                                                                                                                    • Instruction Fuzzy Hash: 0F319F72900108BFDB01AFE5DD49EEF7BBCAF48745F144036F600F2191DA749A818B68
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • GetModuleHandleW.KERNEL32(00000000,00000065,000004B7,?,?,?,?,?,00408AC8), ref: 00408727
                                                                                                                                                                                    • LoadIconW.USER32(00000000), ref: 0040872A
                                                                                                                                                                                    • GetSystemMetrics.USER32(00000032), ref: 0040873E
                                                                                                                                                                                    • GetSystemMetrics.USER32(00000031), ref: 00408743
                                                                                                                                                                                    • GetModuleHandleW.KERNEL32(00000000,00000065,00000001,00000000,?,?,?,?,?,00408AC8), ref: 0040874C
                                                                                                                                                                                    • LoadImageW.USER32(00000000), ref: 0040874F
                                                                                                                                                                                    • SendMessageW.USER32(?,00000080,00000001,?), ref: 0040876F
                                                                                                                                                                                    • SendMessageW.USER32(?,00000080,00000000,00000000), ref: 00408778
                                                                                                                                                                                    • GetDlgItem.USER32(?,000004B2), ref: 00408794
                                                                                                                                                                                    • GetDlgItem.USER32(?,000004B2), ref: 0040879E
                                                                                                                                                                                    • GetWindowLongW.USER32(?,000000F0), ref: 004087AA
                                                                                                                                                                                    • SetWindowLongW.USER32(?,000000F0,00000000), ref: 004087B9
                                                                                                                                                                                    • GetDlgItem.USER32(?,000004B5), ref: 004087C7
                                                                                                                                                                                    • GetDlgItem.USER32(?,000004B5), ref: 004087D5
                                                                                                                                                                                    • GetWindowLongW.USER32(?,000000F0), ref: 004087E1
                                                                                                                                                                                    • SetWindowLongW.USER32(?,000000F0,00000000), ref: 004087F0
                                                                                                                                                                                    • GetWindow.USER32(?,00000005), ref: 004088D6
                                                                                                                                                                                    • GetWindow.USER32(?,00000005), ref: 004088F2
                                                                                                                                                                                    • GetWindow.USER32(?,00000005), ref: 0040890A
                                                                                                                                                                                    • GetModuleHandleW.KERNEL32(00000000,00000065,000004B4,00000000,000004B3,00000000,000004B2,?,000004B7,?,?,?,?,?,00408AC8), ref: 0040896A
                                                                                                                                                                                    • LoadIconW.USER32(00000000), ref: 00408971
                                                                                                                                                                                    • GetDlgItem.USER32(?,000004B1), ref: 00408990
                                                                                                                                                                                    • SendMessageW.USER32(00000000), ref: 00408993
                                                                                                                                                                                      • Part of subcall function 00407B3C: GetDlgItem.USER32(?,?), ref: 00407B46
                                                                                                                                                                                      • Part of subcall function 00407B3C: GetWindowTextLengthW.USER32(00000000), ref: 00407B4D
                                                                                                                                                                                      • Part of subcall function 00407209: GetDlgItem.USER32(?,?), ref: 00407216
                                                                                                                                                                                      • Part of subcall function 00407209: ShowWindow.USER32(00000000,?), ref: 0040722D
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000000B.00000002.2081555260.0000000000401000.00000020.00000001.01000000.00000013.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081540884.0000000000400000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081574053.0000000000414000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081589581.0000000000418000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081604105.000000000041B000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_400000_Opera_GX_assistant_73.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: Window$Item$Long$HandleLoadMessageModuleSend$IconMetricsSystem$ImageLengthShowText
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID: 3694754696-0
                                                                                                                                                                                    • Opcode ID: 912d7ef425d6c6494e29e3deb2b18d2c0e92bb38c953af52e25b7107b56c7ff0
                                                                                                                                                                                    • Instruction ID: 039de319893d1fc2a2f677b1cd9d0fdeb06e220da667d6f51fbd84e31fd24c88
                                                                                                                                                                                    • Opcode Fuzzy Hash: 912d7ef425d6c6494e29e3deb2b18d2c0e92bb38c953af52e25b7107b56c7ff0
                                                                                                                                                                                    • Instruction Fuzzy Hash: 8E710EB03047056BE6117B61DE4AF3B3A99EB80754F10443EF692762D2CFBDAC408A5E
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • lstrcmpiW.KERNEL32(00000000,004156B8,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00404C11
                                                                                                                                                                                      • Part of subcall function 004021B3: GetLastError.KERNEL32(00000000,00000020,-00000002), ref: 00402202
                                                                                                                                                                                      • Part of subcall function 004021B3: wsprintfW.USER32 ref: 00402213
                                                                                                                                                                                      • Part of subcall function 004021B3: GetEnvironmentVariableW.KERNEL32(?,00000000,00000000), ref: 00402228
                                                                                                                                                                                      • Part of subcall function 004021B3: GetLastError.KERNEL32 ref: 0040222D
                                                                                                                                                                                      • Part of subcall function 004021B3: ??2@YAPAXI@Z.MSVCRT ref: 00402248
                                                                                                                                                                                      • Part of subcall function 004021B3: GetEnvironmentVariableW.KERNEL32(?,00000000,00000004), ref: 0040225B
                                                                                                                                                                                      • Part of subcall function 004021B3: GetLastError.KERNEL32 ref: 00402262
                                                                                                                                                                                      • Part of subcall function 004021B3: lstrcmpiW.KERNEL32(00000000,00404955), ref: 00402277
                                                                                                                                                                                      • Part of subcall function 004021B3: ??3@YAXPAX@Z.MSVCRT ref: 00402287
                                                                                                                                                                                      • Part of subcall function 004021B3: SetLastError.KERNEL32(?), ref: 004022AE
                                                                                                                                                                                      • Part of subcall function 004021B3: lstrlenA.KERNEL32(00415208), ref: 004022E2
                                                                                                                                                                                      • Part of subcall function 004021B3: ??2@YAPAXI@Z.MSVCRT ref: 004022FD
                                                                                                                                                                                      • Part of subcall function 004021B3: GetLocaleInfoW.KERNEL32(?,00001004,?,0000001F), ref: 0040232F
                                                                                                                                                                                    • _wtol.MSVCRT(00000000), ref: 00404D0E
                                                                                                                                                                                    • _wtol.MSVCRT(00000000), ref: 00404D2A
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000000B.00000002.2081555260.0000000000401000.00000020.00000001.01000000.00000013.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081540884.0000000000400000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081574053.0000000000414000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081589581.0000000000418000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081604105.000000000041B000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_400000_Opera_GX_assistant_73.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: ErrorLast$??2@EnvironmentVariable_wtollstrcmpi$??3@InfoLocalelstrlenwsprintf
                                                                                                                                                                                    • String ID: CancelPrompt$ErrorTitle$ExtractCancelText$ExtractDialogText$ExtractDialogWidth$ExtractPathText$ExtractPathTitle$ExtractPathWidth$ExtractTitle$GUIFlags$GUIMode$MiscFlags$OverwriteMode$Progress$Title$WarningTitle
                                                                                                                                                                                    • API String ID: 2725485552-1675048025
                                                                                                                                                                                    • Opcode ID: 4f3447e187b8d09034772c4e1f667da3943b2aa83526ce6edd17a205bd317e56
                                                                                                                                                                                    • Instruction ID: 0029bdf793b7ca219a6cf9bf5c630004183a1ad15403dcfd881f782f334e5f10
                                                                                                                                                                                    • Opcode Fuzzy Hash: 4f3447e187b8d09034772c4e1f667da3943b2aa83526ce6edd17a205bd317e56
                                                                                                                                                                                    • Instruction Fuzzy Hash: 405193F1D01108BFEB107B615D8A9EF36ACDA91358724443FFA14F22C1EABD4E85866D
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • GetWindowDC.USER32(00000000), ref: 00401EEA
                                                                                                                                                                                    • GetDeviceCaps.GDI32(00000000,00000058), ref: 00401EF6
                                                                                                                                                                                    • MulDiv.KERNEL32(00000000,00000064,00000060), ref: 00401F0F
                                                                                                                                                                                    • GetObjectW.GDI32(?,00000018,?), ref: 00401F3E
                                                                                                                                                                                    • MulDiv.KERNEL32(?,00000003,00000002), ref: 00401F49
                                                                                                                                                                                    • MulDiv.KERNEL32(?,00000003,00000002), ref: 00401F53
                                                                                                                                                                                    • CreateCompatibleDC.GDI32(?), ref: 00401F61
                                                                                                                                                                                    • CreateCompatibleDC.GDI32(?), ref: 00401F68
                                                                                                                                                                                    • SelectObject.GDI32(00000000,?), ref: 00401F76
                                                                                                                                                                                    • CreateCompatibleBitmap.GDI32(?,?,?), ref: 00401F84
                                                                                                                                                                                    • SelectObject.GDI32(00000000,00000000), ref: 00401F8C
                                                                                                                                                                                    • SetStretchBltMode.GDI32(00000000,00000004), ref: 00401F94
                                                                                                                                                                                    • StretchBlt.GDI32(00000000,00000000,00000000,?,?,00000000,00000000,00000000,?,?,00CC0020), ref: 00401FB3
                                                                                                                                                                                    • GetCurrentObject.GDI32(00000000,00000007), ref: 00401FBC
                                                                                                                                                                                    • SelectObject.GDI32(00000000,?), ref: 00401FC9
                                                                                                                                                                                    • SelectObject.GDI32(00000000,?), ref: 00401FCF
                                                                                                                                                                                    • DeleteDC.GDI32(00000000), ref: 00401FD8
                                                                                                                                                                                    • DeleteDC.GDI32(00000000), ref: 00401FDB
                                                                                                                                                                                    • ReleaseDC.USER32(00000000,?), ref: 00401FE2
                                                                                                                                                                                    • ReleaseDC.USER32(00000000,?), ref: 00401FF1
                                                                                                                                                                                    • CopyImage.USER32(?,00000000,00000000,00000000,00000000), ref: 00401FFE
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000000B.00000002.2081555260.0000000000401000.00000020.00000001.01000000.00000013.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081540884.0000000000400000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081574053.0000000000414000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081589581.0000000000418000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081604105.000000000041B000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_400000_Opera_GX_assistant_73.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: Object$Select$CompatibleCreate$DeleteReleaseStretch$BitmapCapsCopyCurrentDeviceImageModeWindow
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID: 3462224810-0
                                                                                                                                                                                    • Opcode ID: b47bfa37766e864d5ac7c3bff5c7f29dd76547e571441b34574f095888733673
                                                                                                                                                                                    • Instruction ID: 5d1e451046eba931a8e7b73d6ea6690a392447b5a41005267d77fd745915eb74
                                                                                                                                                                                    • Opcode Fuzzy Hash: b47bfa37766e864d5ac7c3bff5c7f29dd76547e571441b34574f095888733673
                                                                                                                                                                                    • Instruction Fuzzy Hash: 7A310776D40208BFDF215BE29D48EEF7FBDEB88761F108066F604A61A0C7754A50EB64
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • GetClassNameA.USER32(?,?,00000040), ref: 0040201B
                                                                                                                                                                                    • lstrcmpiA.KERNEL32(?,STATIC), ref: 00402032
                                                                                                                                                                                    • GetWindowLongW.USER32(?,000000F0), ref: 00402045
                                                                                                                                                                                    • GetMenu.USER32(?), ref: 0040205A
                                                                                                                                                                                      • Part of subcall function 00401DF5: GetModuleHandleW.KERNEL32(00000000), ref: 00401E00
                                                                                                                                                                                      • Part of subcall function 00401DF5: FindResourceExA.KERNEL32(00000000,?,?,00000000), ref: 00401E1D
                                                                                                                                                                                      • Part of subcall function 00401DF5: FindResourceExA.KERNEL32(00000000,?,?,00000409), ref: 00401E31
                                                                                                                                                                                      • Part of subcall function 00401DF5: SizeofResource.KERNEL32(00000000,00000000), ref: 00401E42
                                                                                                                                                                                      • Part of subcall function 00401DF5: LoadResource.KERNEL32(00000000,00000000), ref: 00401E4C
                                                                                                                                                                                      • Part of subcall function 00401DF5: LockResource.KERNEL32(00000000), ref: 00401E57
                                                                                                                                                                                    • GlobalAlloc.KERNEL32(00000040,00000010), ref: 0040208C
                                                                                                                                                                                    • memcpy.MSVCRT ref: 00402099
                                                                                                                                                                                    • CoInitialize.OLE32(00000000), ref: 004020A2
                                                                                                                                                                                    • CreateStreamOnHGlobal.OLE32(00000000,00000000,?), ref: 004020AE
                                                                                                                                                                                    • OleLoadPicture.OLEAUT32(?,00000000,00000000,00415E04,?), ref: 004020D3
                                                                                                                                                                                    • GlobalFree.KERNEL32(00000000), ref: 004020E3
                                                                                                                                                                                      • Part of subcall function 00401EDE: GetWindowDC.USER32(00000000), ref: 00401EEA
                                                                                                                                                                                      • Part of subcall function 00401EDE: GetDeviceCaps.GDI32(00000000,00000058), ref: 00401EF6
                                                                                                                                                                                      • Part of subcall function 00401EDE: MulDiv.KERNEL32(00000000,00000064,00000060), ref: 00401F0F
                                                                                                                                                                                      • Part of subcall function 00401EDE: GetObjectW.GDI32(?,00000018,?), ref: 00401F3E
                                                                                                                                                                                      • Part of subcall function 00401EDE: MulDiv.KERNEL32(?,00000003,00000002), ref: 00401F49
                                                                                                                                                                                      • Part of subcall function 00401EDE: MulDiv.KERNEL32(?,00000003,00000002), ref: 00401F53
                                                                                                                                                                                      • Part of subcall function 00401EDE: CreateCompatibleDC.GDI32(?), ref: 00401F61
                                                                                                                                                                                      • Part of subcall function 00401EDE: CreateCompatibleDC.GDI32(?), ref: 00401F68
                                                                                                                                                                                      • Part of subcall function 00401EDE: SelectObject.GDI32(00000000,?), ref: 00401F76
                                                                                                                                                                                      • Part of subcall function 00401EDE: CreateCompatibleBitmap.GDI32(?,?,?), ref: 00401F84
                                                                                                                                                                                      • Part of subcall function 00401EDE: SelectObject.GDI32(00000000,00000000), ref: 00401F8C
                                                                                                                                                                                      • Part of subcall function 00401EDE: SetStretchBltMode.GDI32(00000000,00000004), ref: 00401F94
                                                                                                                                                                                      • Part of subcall function 00401EDE: StretchBlt.GDI32(00000000,00000000,00000000,?,?,00000000,00000000,00000000,?,?,00CC0020), ref: 00401FB3
                                                                                                                                                                                      • Part of subcall function 00401EDE: GetCurrentObject.GDI32(00000000,00000007), ref: 00401FBC
                                                                                                                                                                                      • Part of subcall function 00401EDE: SelectObject.GDI32(00000000,?), ref: 00401FC9
                                                                                                                                                                                      • Part of subcall function 00401EDE: SelectObject.GDI32(00000000,?), ref: 00401FCF
                                                                                                                                                                                      • Part of subcall function 00401EDE: DeleteDC.GDI32(00000000), ref: 00401FD8
                                                                                                                                                                                      • Part of subcall function 00401EDE: DeleteDC.GDI32(00000000), ref: 00401FDB
                                                                                                                                                                                      • Part of subcall function 00401EDE: ReleaseDC.USER32(00000000,?), ref: 00401FE2
                                                                                                                                                                                    • GetObjectW.GDI32(00000000,00000018,?), ref: 00402115
                                                                                                                                                                                    • SetWindowPos.USER32(00000010,00000000,00000000,00000000,?,?,00000006), ref: 00402129
                                                                                                                                                                                    • SendMessageW.USER32(00000010,00000172,00000000,?), ref: 0040213B
                                                                                                                                                                                    • GlobalFree.KERNEL32(00000000), ref: 00402150
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000000B.00000002.2081555260.0000000000401000.00000020.00000001.01000000.00000013.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081540884.0000000000400000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081574053.0000000000414000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081589581.0000000000418000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081604105.000000000041B000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_400000_Opera_GX_assistant_73.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: Object$Resource$CreateGlobalSelect$CompatibleWindow$DeleteFindFreeLoadStretch$AllocBitmapCapsClassCurrentDeviceHandleInitializeLockLongMenuMessageModeModuleNamePictureReleaseSendSizeofStreamlstrcmpimemcpy
                                                                                                                                                                                    • String ID: IMAGES$STATIC
                                                                                                                                                                                    • API String ID: 4202116410-1168396491
                                                                                                                                                                                    • Opcode ID: 75b4482697df260aab65a5a7941d5379e2b77aabc16fc078eb73c221e7c7ff8a
                                                                                                                                                                                    • Instruction ID: 91dfa6bffb294d6a5faa91ea44976e7f2bf651e64a1983605f27e53e7953ab13
                                                                                                                                                                                    • Opcode Fuzzy Hash: 75b4482697df260aab65a5a7941d5379e2b77aabc16fc078eb73c221e7c7ff8a
                                                                                                                                                                                    • Instruction Fuzzy Hash: C4416B71A00118FFCB119FA1DD4CDEE7F7DEF49741B0080A5F605AA2A0D7758A81DBA8
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                      • Part of subcall function 00407209: GetDlgItem.USER32(?,?), ref: 00407216
                                                                                                                                                                                      • Part of subcall function 00407209: ShowWindow.USER32(00000000,?), ref: 0040722D
                                                                                                                                                                                    • GetDlgItem.USER32(?,000004B8), ref: 00408B76
                                                                                                                                                                                    • SendMessageW.USER32(00000000,00000401,00000000,75300000), ref: 00408B85
                                                                                                                                                                                    • GetDlgItem.USER32(?,000004B5), ref: 00408BCC
                                                                                                                                                                                    • GetWindowLongW.USER32(00000000,000000F0), ref: 00408BD1
                                                                                                                                                                                    • GetDlgItem.USER32(?,000004B5), ref: 00408BE1
                                                                                                                                                                                    • SetWindowLongW.USER32(00000000), ref: 00408BE4
                                                                                                                                                                                    • GetSystemMenu.USER32(?,00000000,000004B4,00000000), ref: 00408C0A
                                                                                                                                                                                    • EnableMenuItem.USER32(00000000,0000F060,00000001), ref: 00408C1C
                                                                                                                                                                                    • GetDlgItem.USER32(?,000004B4), ref: 00408C26
                                                                                                                                                                                    • SetFocus.USER32(00000000), ref: 00408C29
                                                                                                                                                                                    • SetTimer.USER32(?,00000001,00000000,00000000), ref: 00408C58
                                                                                                                                                                                    • CoCreateInstance.OLE32(00415E34,00000000,00000001,00415B08,?), ref: 00408C7C
                                                                                                                                                                                    • GetDlgItem.USER32(?,00000002), ref: 00408C99
                                                                                                                                                                                    • IsWindow.USER32(00000000), ref: 00408C9C
                                                                                                                                                                                    • GetDlgItem.USER32(?,00000002), ref: 00408CAC
                                                                                                                                                                                    • EnableWindow.USER32(00000000), ref: 00408CAF
                                                                                                                                                                                    • GetDlgItem.USER32(?,000004B5), ref: 00408CC3
                                                                                                                                                                                    • ShowWindow.USER32(00000000), ref: 00408CC6
                                                                                                                                                                                      • Part of subcall function 00407A6A: GetDlgItem.USER32(?,000004B6), ref: 00407A78
                                                                                                                                                                                      • Part of subcall function 004086FE: GetModuleHandleW.KERNEL32(00000000,00000065,000004B7,?,?,?,?,?,00408AC8), ref: 00408727
                                                                                                                                                                                      • Part of subcall function 004086FE: LoadIconW.USER32(00000000), ref: 0040872A
                                                                                                                                                                                      • Part of subcall function 004086FE: GetSystemMetrics.USER32(00000032), ref: 0040873E
                                                                                                                                                                                      • Part of subcall function 004086FE: GetSystemMetrics.USER32(00000031), ref: 00408743
                                                                                                                                                                                      • Part of subcall function 004086FE: GetModuleHandleW.KERNEL32(00000000,00000065,00000001,00000000,?,?,?,?,?,00408AC8), ref: 0040874C
                                                                                                                                                                                      • Part of subcall function 004086FE: LoadImageW.USER32(00000000), ref: 0040874F
                                                                                                                                                                                      • Part of subcall function 004086FE: SendMessageW.USER32(?,00000080,00000001,?), ref: 0040876F
                                                                                                                                                                                      • Part of subcall function 004086FE: SendMessageW.USER32(?,00000080,00000000,00000000), ref: 00408778
                                                                                                                                                                                      • Part of subcall function 004086FE: GetDlgItem.USER32(?,000004B2), ref: 00408794
                                                                                                                                                                                      • Part of subcall function 004086FE: GetDlgItem.USER32(?,000004B2), ref: 0040879E
                                                                                                                                                                                      • Part of subcall function 004086FE: GetWindowLongW.USER32(?,000000F0), ref: 004087AA
                                                                                                                                                                                      • Part of subcall function 004086FE: SetWindowLongW.USER32(?,000000F0,00000000), ref: 004087B9
                                                                                                                                                                                      • Part of subcall function 004086FE: GetDlgItem.USER32(?,000004B5), ref: 004087C7
                                                                                                                                                                                      • Part of subcall function 004086FE: GetDlgItem.USER32(?,000004B5), ref: 004087D5
                                                                                                                                                                                      • Part of subcall function 004086FE: GetWindowLongW.USER32(?,000000F0), ref: 004087E1
                                                                                                                                                                                      • Part of subcall function 004086FE: SetWindowLongW.USER32(?,000000F0,00000000), ref: 004087F0
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000000B.00000002.2081555260.0000000000401000.00000020.00000001.01000000.00000013.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081540884.0000000000400000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081574053.0000000000414000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081589581.0000000000418000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081604105.000000000041B000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_400000_Opera_GX_assistant_73.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: Item$Window$Long$MessageSendSystem$EnableHandleLoadMenuMetricsModuleShow$CreateFocusIconImageInstanceTimer
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID: 1057135554-0
                                                                                                                                                                                    • Opcode ID: eaf23160efd0307f89d7b68af9e71152053e371a4570ee8adff50cbc9787fa7e
                                                                                                                                                                                    • Instruction ID: 224722099809db51628d05960710a87cde38d463417800169f27d4d88e92d86b
                                                                                                                                                                                    • Opcode Fuzzy Hash: eaf23160efd0307f89d7b68af9e71152053e371a4570ee8adff50cbc9787fa7e
                                                                                                                                                                                    • Instruction Fuzzy Hash: 98418B70604708AFEA206F66DE49F577BADEB80B04F11843DF555A62E1CF79B840CA2C
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • GetDlgItem.USER32(?,000004B3), ref: 0040734C
                                                                                                                                                                                    • GetWindowLongW.USER32(00000000,000000F0), ref: 00407351
                                                                                                                                                                                    • GetDlgItem.USER32(?,000004B4), ref: 00407388
                                                                                                                                                                                    • GetWindowLongW.USER32(00000000,000000F0), ref: 0040738D
                                                                                                                                                                                    • GetSystemMetrics.USER32(00000010), ref: 0040740F
                                                                                                                                                                                    • GetSystemMetrics.USER32(00000011), ref: 00407415
                                                                                                                                                                                    • GetSystemMetrics.USER32(00000008), ref: 0040741C
                                                                                                                                                                                    • GetSystemMetrics.USER32(00000007), ref: 00407423
                                                                                                                                                                                    • GetParent.USER32(?), ref: 00407447
                                                                                                                                                                                    • GetClientRect.USER32(00000000,?), ref: 00407459
                                                                                                                                                                                    • ClientToScreen.USER32(?,?), ref: 0040746C
                                                                                                                                                                                    • SetWindowPos.USER32(?,00000000,?,?,?,00000000,00000004), ref: 004074D2
                                                                                                                                                                                    • GetClientRect.USER32(?,?), ref: 0040756C
                                                                                                                                                                                      • Part of subcall function 004072F5: GetDlgItem.USER32(?,?), ref: 00407313
                                                                                                                                                                                      • Part of subcall function 004072F5: SetWindowPos.USER32(00000000), ref: 0040731A
                                                                                                                                                                                    • ClientToScreen.USER32(?,?), ref: 00407475
                                                                                                                                                                                      • Part of subcall function 004071EC: GetDlgItem.USER32(?,?), ref: 004071F8
                                                                                                                                                                                    • GetSystemMetrics.USER32(00000008), ref: 004075F1
                                                                                                                                                                                    • GetSystemMetrics.USER32(00000007), ref: 004075F8
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000000B.00000002.2081555260.0000000000401000.00000020.00000001.01000000.00000013.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081540884.0000000000400000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081574053.0000000000414000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081589581.0000000000418000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081604105.000000000041B000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_400000_Opera_GX_assistant_73.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: MetricsSystem$ClientItemWindow$LongRectScreen$Parent
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID: 747815384-0
                                                                                                                                                                                    • Opcode ID: 35f39b259cb15be5e21bf055192cb3e2893df2de53a1a99aaff2ca9cd82b522a
                                                                                                                                                                                    • Instruction ID: a0ad394a55fa0a1721489591c3d48553244f7f891a42e1949470b4e54b7fd047
                                                                                                                                                                                    • Opcode Fuzzy Hash: 35f39b259cb15be5e21bf055192cb3e2893df2de53a1a99aaff2ca9cd82b522a
                                                                                                                                                                                    • Instruction Fuzzy Hash: B2A12A71E04209AFDB14CFB9CD85AEEBBF9EB48304F148529E905F3291D778E9408B65
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • ??3@YAXPAX@Z.MSVCRT ref: 004034B5
                                                                                                                                                                                    • ??3@YAXPAX@Z.MSVCRT ref: 004034BD
                                                                                                                                                                                    • ??3@YAXPAX@Z.MSVCRT ref: 004036E3
                                                                                                                                                                                      • Part of subcall function 004026C6: ??3@YAXPAX@Z.MSVCRT ref: 004026CC
                                                                                                                                                                                      • Part of subcall function 004026C6: ??3@YAXPAX@Z.MSVCRT ref: 004026D3
                                                                                                                                                                                    • ??3@YAXPAX@Z.MSVCRT ref: 00403710
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000000B.00000002.2081555260.0000000000401000.00000020.00000001.01000000.00000013.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081540884.0000000000400000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081574053.0000000000414000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081589581.0000000000418000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081604105.000000000041B000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_400000_Opera_GX_assistant_73.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: ??3@
                                                                                                                                                                                    • String ID: 0FA$SetEnvironment${\rtf
                                                                                                                                                                                    • API String ID: 613200358-2399711308
Uniqueness

Uniqueness Score: -1.00%

APIs
• GetParent.USER32(?), ref: 00407860
• GetWindowLongW.USER32(00000000), ref: 00407867
• DefWindowProcW.USER32(?,?,?,?), ref: 0040787D
• CallWindowProcW.USER32(?,?,?,?,?), ref: 0040789A
• GetSystemMetrics.USER32(00000031), ref: 004078AC
• GetSystemMetrics.USER32(00000032), ref: 004078B3
• GetWindowDC.USER32(?), ref: 004078C5
• GetWindowRect.USER32(?,?), ref: 004078D2
• DrawIconEx.USER32(00000000,?,?,?,?,?,00000000,00000000,00000003), ref: 00407906
• ReleaseDC.USER32(?,00000000), ref: 0040790E
Memory Dump Source
• Source File: 0000000B.00000002.2081555260.0000000000401000.00000020.00000001.01000000.00000013.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000000B.00000002.2081540884.0000000000400000.00000002.00000001.01000000.00000013.sdmp
• Associated: 0000000B.00000002.2081574053.0000000000414000.00000002.00000001.01000000.00000013.sdmp
• Associated: 0000000B.00000002.2081589581.0000000000418000.00000004.00000001.01000000.00000013.sdmp
• Associated: 0000000B.00000002.2081604105.000000000041B000.00000002.00000001.01000000.00000013.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_400000_Opera_GX_assistant_73.jbxd
Similarity
• API ID: Window$MetricsProcSystem$CallDrawIconLongParentRectRelease
• String ID:
• API String ID: 2586545124-0
Uniqueness

Uniqueness Score: -1.00%

APIs
Strings
Memory Dump Source
• Source File: 0000000B.00000002.2081555260.0000000000401000.00000020.00000001.01000000.00000013.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000000B.00000002.2081540884.0000000000400000.00000002.00000001.01000000.00000013.sdmp
• Associated: 0000000B.00000002.2081574053.0000000000414000.00000002.00000001.01000000.00000013.sdmp
• Associated: 0000000B.00000002.2081589581.0000000000418000.00000004.00000001.01000000.00000013.sdmp
• Associated: 0000000B.00000002.2081604105.000000000041B000.00000002.00000001.01000000.00000013.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_400000_Opera_GX_assistant_73.jbxd
Similarity
• API ID: ??3@$wsprintf
• String ID: :%hs$:Language:%u$;!@Install@!UTF-8!$;!@InstallEnd@!
• API String ID: 2704270482-695273242
Uniqueness

Uniqueness Score: -1.00%

APIs
Strings
Memory Dump Source
• Source File: 0000000B.00000002.2081555260.0000000000401000.00000020.00000001.01000000.00000013.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000000B.00000002.2081540884.0000000000400000.00000002.00000001.01000000.00000013.sdmp
• Associated: 0000000B.00000002.2081574053.0000000000414000.00000002.00000001.01000000.00000013.sdmp
• Associated: 0000000B.00000002.2081589581.0000000000418000.00000004.00000001.01000000.00000013.sdmp
• Associated: 0000000B.00000002.2081604105.000000000041B000.00000002.00000001.01000000.00000013.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_400000_Opera_GX_assistant_73.jbxd
Similarity
• API ID: ??3@$CloseExecuteHandleObjectShellSingleWaitmemset
• String ID: $WA
• API String ID: 2700081640-874810811
Uniqueness

Uniqueness Score: -1.00%

APIs
• GetDlgItem.USER32(?,000004B3), ref: 0040706B
• SendMessageW.USER32(00000000,000000F4,00000000,00000001), ref: 0040707E
• GetDlgItem.USER32(?,000004B4), ref: 00407088
• SendMessageW.USER32(00000000,000000F4,00000000,00000001), ref: 00407090
• SendMessageW.USER32(?,00000401,00000000,00000000), ref: 004070A0
• GetDlgItem.USER32(?,?), ref: 004070A9
• SendMessageW.USER32(00000000,000000F4,00000001,00000001), ref: 004070B1
• GetDlgItem.USER32(?,?), ref: 004070BA
• SetFocus.USER32(00000000,?,?,00000000,00407FAE,000004B3,00000000,?,000004B3), ref: 004070BD
Memory Dump Source
• Source File: 0000000B.00000002.2081555260.0000000000401000.00000020.00000001.01000000.00000013.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000000B.00000002.2081540884.0000000000400000.00000002.00000001.01000000.00000013.sdmp
• Associated: 0000000B.00000002.2081574053.0000000000414000.00000002.00000001.01000000.00000013.sdmp
• Associated: 0000000B.00000002.2081589581.0000000000418000.00000004.00000001.01000000.00000013.sdmp
• Associated: 0000000B.00000002.2081604105.000000000041B000.00000002.00000001.01000000.00000013.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_400000_Opera_GX_assistant_73.jbxd
Similarity
• API ID: ItemMessageSend$Focus
• String ID:
• API String ID: 3946207451-0
Uniqueness

Uniqueness Score: -1.00%

APIs
• LoadLibraryA.KERNEL32(uxtheme,?,004089BB,000004B1,00000000,?,?,?,?,?,00408AC8), ref: 00407680
• GetProcAddress.KERNEL32(00000000,SetWindowTheme), ref: 00407691
• GetWindow.USER32(?,00000005), ref: 004076AA
• GetWindow.USER32(00000000,00000002), ref: 004076C0
Strings
Memory Dump Source
• Source File: 0000000B.00000002.2081555260.0000000000401000.00000020.00000001.01000000.00000013.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000000B.00000002.2081540884.0000000000400000.00000002.00000001.01000000.00000013.sdmp
• Associated: 0000000B.00000002.2081574053.0000000000414000.00000002.00000001.01000000.00000013.sdmp
• Associated: 0000000B.00000002.2081589581.0000000000418000.00000004.00000001.01000000.00000013.sdmp
• Associated: 0000000B.00000002.2081604105.000000000041B000.00000002.00000001.01000000.00000013.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_400000_Opera_GX_assistant_73.jbxd
Similarity
• API ID: Window$AddressLibraryLoadProc
• String ID: XA$SetWindowTheme$uxtheme
• API String ID: 324724604-3019689983
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

APIs
• memcpy.MSVCRT ref: 004076EC
• SystemParametersInfoW.USER32(00000029,00000000,?,00000000), ref: 0040770B
• GetDC.USER32(00000000), ref: 00407716
• GetDeviceCaps.GDI32(00000000,0000005A), ref: 00407722
• MulDiv.KERNEL32(?,00000048,00000000), ref: 00407731
• ReleaseDC.USER32(00000000,?), ref: 0040773F
• GetModuleHandleW.KERNEL32(00000000), ref: 00407767
• DialogBoxIndirectParamW.USER32(00000000,?,?,Function_00006F0F), ref: 0040779C
Memory Dump Source
• Source File: 0000000B.00000002.2081555260.0000000000401000.00000020.00000001.01000000.00000013.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000000B.00000002.2081540884.0000000000400000.00000002.00000001.01000000.00000013.sdmp
• Associated: 0000000B.00000002.2081574053.0000000000414000.00000002.00000001.01000000.00000013.sdmp
• Associated: 0000000B.00000002.2081589581.0000000000418000.00000004.00000001.01000000.00000013.sdmp
• Associated: 0000000B.00000002.2081604105.000000000041B000.00000002.00000001.01000000.00000013.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_400000_Opera_GX_assistant_73.jbxd
Similarity
• API ID: CapsDeviceDialogHandleIndirectInfoModuleParamParametersReleaseSystemmemcpy
• String ID:
• API String ID: 2693764856-0
• Opcode ID: f31c46d79efd12f0c6e31496684c0613d70d8776a133cac82a1eefdee8320659
• Instruction ID: afc10ac911df07e4e6cf66ea75b89f896700515d4e888b71f534ad2bf84f0f11
• Opcode Fuzzy Hash: f31c46d79efd12f0c6e31496684c0613d70d8776a133cac82a1eefdee8320659
• Instruction Fuzzy Hash: 5321D5B1940219BFD7215FA19C89EEB7B7CFF44741F0000B6FA09E2290D7345E948B69
Uniqueness

Uniqueness Score: -1.00%

APIs
• GetDC.USER32(?), ref: 0040724B
• GetSystemMetrics.USER32(0000000B), ref: 00407267
• GetSystemMetrics.USER32(0000003D), ref: 00407270
• GetSystemMetrics.USER32(0000003E), ref: 00407278
• SelectObject.GDI32(?,?), ref: 00407295
• DrawTextW.USER32(?,00000000,000000FF,?,?), ref: 004072B0
• SelectObject.GDI32(?,?), ref: 004072D6
• ReleaseDC.USER32(?,?), ref: 004072E5
Memory Dump Source
• Source File: 0000000B.00000002.2081555260.0000000000401000.00000020.00000001.01000000.00000013.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000000B.00000002.2081540884.0000000000400000.00000002.00000001.01000000.00000013.sdmp
• Associated: 0000000B.00000002.2081574053.0000000000414000.00000002.00000001.01000000.00000013.sdmp
• Associated: 0000000B.00000002.2081589581.0000000000418000.00000004.00000001.01000000.00000013.sdmp
• Associated: 0000000B.00000002.2081604105.000000000041B000.00000002.00000001.01000000.00000013.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_400000_Opera_GX_assistant_73.jbxd
Similarity
• API ID: MetricsSystem$ObjectSelect$DrawReleaseText
• String ID:
• API String ID: 2466489532-0
• Opcode ID: 3fc5bb8d8ce0059ed4a313ac0909580b77e08559f279fdacdcb38977844fadab
• Instruction ID: 6f10caf3c91ec906ab8c69a2f752e165f8fbbbb970a8871ef44e176c1e6f5179
• Opcode Fuzzy Hash: 3fc5bb8d8ce0059ed4a313ac0909580b77e08559f279fdacdcb38977844fadab
• Instruction Fuzzy Hash: ED216A72900209AFCB018FA5DD44A8EBFF4EF48360F11C4AAF519A72A0D335AA40DF44
Uniqueness

Uniqueness Score: -1.00%

APIs
• _CxxThrowException.MSVCRT(x\A,00415FC8), ref: 0040CDF1
Strings
Memory Dump Source
• Source File: 0000000B.00000002.2081555260.0000000000401000.00000020.00000001.01000000.00000013.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000000B.00000002.2081540884.0000000000400000.00000002.00000001.01000000.00000013.sdmp
• Associated: 0000000B.00000002.2081574053.0000000000414000.00000002.00000001.01000000.00000013.sdmp
• Associated: 0000000B.00000002.2081589581.0000000000418000.00000004.00000001.01000000.00000013.sdmp
• Associated: 0000000B.00000002.2081604105.000000000041B000.00000002.00000001.01000000.00000013.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_400000_Opera_GX_assistant_73.jbxd
Similarity
• API ID: ExceptionThrow
• String ID: $\A$4\A$D\A$T\A$h\A$x\A$x\A
• API String ID: 432778473-4237324355
• Opcode ID: 42af2ecacb29d270843999158bbdf4f88e41a002526f962cdbd600073b257eea
• Instruction ID: 4c22c63eab4b6001538c3dc2317f457de0ef6912c253ce436c5b2a5e9cf33ab3
• Opcode Fuzzy Hash: 42af2ecacb29d270843999158bbdf4f88e41a002526f962cdbd600073b257eea
• Instruction Fuzzy Hash: 771190B0511F44DBC730DF16D5884CAFBF8AF957187108A1FD19A9BA50E3F8A189CB98
Uniqueness

Uniqueness Score: -1.00%

APIs
• __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 004081E3
• GetDlgItem.USER32(?,000004B8), ref: 00408201
• SendMessageW.USER32(00000000,00000402,00000000,00000000), ref: 00408213
• wsprintfW.USER32 ref: 00408231
• ??3@YAXPAX@Z.MSVCRT ref: 004082C9
Strings
Memory Dump Source
• Source File: 0000000B.00000002.2081555260.0000000000401000.00000020.00000001.01000000.00000013.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000000B.00000002.2081540884.0000000000400000.00000002.00000001.01000000.00000013.sdmp
• Associated: 0000000B.00000002.2081574053.0000000000414000.00000002.00000001.01000000.00000013.sdmp
• Associated: 0000000B.00000002.2081589581.0000000000418000.00000004.00000001.01000000.00000013.sdmp
• Associated: 0000000B.00000002.2081604105.000000000041B000.00000002.00000001.01000000.00000013.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_400000_Opera_GX_assistant_73.jbxd
Similarity
• API ID: ??3@ItemMessageSendUnothrow_t@std@@@__ehfuncinfo$??2@wsprintf
• String ID: %d%%
• API String ID: 3753976982-1518462796
• Opcode ID: 457fc8b35127749c65dd16bf8158b9fc58c40c98c13063741f6e3564d0e2e04f
• Instruction ID: d547d5554fea010f519209f47393056b7b5c94104caa36f0b20f7048e519bd49
• Opcode Fuzzy Hash: 457fc8b35127749c65dd16bf8158b9fc58c40c98c13063741f6e3564d0e2e04f
• Instruction Fuzzy Hash: 6B31B131900704BBCB11AFA0DE45EDA7BB9FF44704F10846EF646A62E1CB79AA10CB58
Uniqueness

Uniqueness Score: -1.00%

APIs
• EndDialog.USER32(?,00000000), ref: 004083DA
• KillTimer.USER32(?,00000001), ref: 004083EB
• SetTimer.USER32(?,00000001,00000000,00000000), ref: 00408415
• SuspendThread.KERNEL32(00000348), ref: 0040842E
• ResumeThread.KERNEL32(00000348), ref: 0040844B
• EndDialog.USER32(?,00000000), ref: 0040846D
Memory Dump Source
• Source File: 0000000B.00000002.2081555260.0000000000401000.00000020.00000001.01000000.00000013.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000000B.00000002.2081540884.0000000000400000.00000002.00000001.01000000.00000013.sdmp
• Associated: 0000000B.00000002.2081574053.0000000000414000.00000002.00000001.01000000.00000013.sdmp
• Associated: 0000000B.00000002.2081589581.0000000000418000.00000004.00000001.01000000.00000013.sdmp
• Associated: 0000000B.00000002.2081604105.000000000041B000.00000002.00000001.01000000.00000013.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_400000_Opera_GX_assistant_73.jbxd
Similarity
• API ID: DialogThreadTimer$KillResumeSuspend
• String ID:
• API String ID: 4151135813-0
• Opcode ID: e75cb11098a165f3e00a93ead61a02ee0602d1603e20a081ddaa5bed579dc4cd
• Instruction ID: 48b16cdcac2f029ef5c3ce809d25cb41ce606689494225ec37f78696aa4d263a
• Opcode Fuzzy Hash: e75cb11098a165f3e00a93ead61a02ee0602d1603e20a081ddaa5bed579dc4cd
• Instruction Fuzzy Hash: 79118F71600209AFD7202F62FE84AA73BADEB80B45714C43EF596A11B1DF359C01DA5C
Uniqueness

Uniqueness Score: -1.00%

APIs
Strings
Memory Dump Source
• Source File: 0000000B.00000002.2081555260.0000000000401000.00000020.00000001.01000000.00000013.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000000B.00000002.2081540884.0000000000400000.00000002.00000001.01000000.00000013.sdmp
• Associated: 0000000B.00000002.2081574053.0000000000414000.00000002.00000001.01000000.00000013.sdmp
• Associated: 0000000B.00000002.2081589581.0000000000418000.00000004.00000001.01000000.00000013.sdmp
• Associated: 0000000B.00000002.2081604105.000000000041B000.00000002.00000001.01000000.00000013.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_400000_Opera_GX_assistant_73.jbxd
Similarity
• API ID: ??3@
• String ID: %%M/$%%M\
• API String ID: 613200358-4143866494
• Opcode ID: 930ba2b452bb338f3708720a774b8cfd5dcf9c46a5eeea08537740bd0aa8effb
• Instruction ID: ae7ccff3c4984ef899f0664094611f881c6179175724c87e9ac4d6adf99dc5ad
• Opcode Fuzzy Hash: 930ba2b452bb338f3708720a774b8cfd5dcf9c46a5eeea08537740bd0aa8effb
• Instruction Fuzzy Hash: AF11D73190010EAACF05FFA1D956DEEBB79AF00318F50456AB521760E1DBB86699CB88
Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000000B.00000002.2081555260.0000000000401000.00000020.00000001.01000000.00000013.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081540884.0000000000400000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081574053.0000000000414000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081589581.0000000000418000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081604105.000000000041B000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_400000_Opera_GX_assistant_73.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: ??3@
                                                                                                                                                                                    • String ID: %%T/$%%T\
                                                                                                                                                                                    • API String ID: 613200358-2679640699
                                                                                                                                                                                    • Opcode ID: 4fdce2511c859f55d8219822b4ab85f6aa8ed358adc32d7bfe447d36da80228b
                                                                                                                                                                                    • Instruction ID: 1540654d000bee33f0bf236bf2786ca3bc36bf969bc56e1bcbd04563868c3890
                                                                                                                                                                                    • Opcode Fuzzy Hash: 4fdce2511c859f55d8219822b4ab85f6aa8ed358adc32d7bfe447d36da80228b
                                                                                                                                                                                    • Instruction Fuzzy Hash: 9F11073190010EAACF05FFA1D946CEEBB39AF00318F10452AB511724E1DBB86699CB98
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000000B.00000002.2081555260.0000000000401000.00000020.00000001.01000000.00000013.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081540884.0000000000400000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081574053.0000000000414000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081589581.0000000000418000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081604105.000000000041B000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_400000_Opera_GX_assistant_73.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: ??3@
                                                                                                                                                                                    • String ID: %%S/$%%S\
                                                                                                                                                                                    • API String ID: 613200358-358529586
                                                                                                                                                                                    • Opcode ID: e0f992ba691d3d8e6fe607061ecc69466182fb3c7532a31d8d5cfd91c1c5a6cb
                                                                                                                                                                                    • Instruction ID: 46769830cf2248f7da0d90b8b5e5a17041a4a2d7ad556ba568fe6d8d869660d1
                                                                                                                                                                                    • Opcode Fuzzy Hash: e0f992ba691d3d8e6fe607061ecc69466182fb3c7532a31d8d5cfd91c1c5a6cb
                                                                                                                                                                                    • Instruction Fuzzy Hash: 9F11E93190010EBACF05FFA1DD56DEEBB79AF0031CF50456AB521720E1DBB86699CB88
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • ??3@YAXPAX@Z.MSVCRT ref: 00405572
                                                                                                                                                                                    • ??3@YAXPAX@Z.MSVCRT ref: 004055D4
                                                                                                                                                                                    • ??3@YAXPAX@Z.MSVCRT ref: 004055EC
                                                                                                                                                                                      • Part of subcall function 0040371D: lstrlenW.KERNEL32(004017FB,00000000,?,?,?,?,?,?,004017FB,?), ref: 0040372A
                                                                                                                                                                                      • Part of subcall function 0040371D: GetSystemTimeAsFileTime.KERNEL32(?,004017FB,?,?,?,?,004017FB,?), ref: 004037A0
                                                                                                                                                                                      • Part of subcall function 0040371D: GetFileAttributesW.KERNELBASE(?,?,?,?,?,004017FB,?), ref: 004037A7
                                                                                                                                                                                      • Part of subcall function 0040371D: ??3@YAXPAX@Z.MSVCRT ref: 00403866
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000000B.00000002.2081555260.0000000000401000.00000020.00000001.01000000.00000013.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081540884.0000000000400000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081574053.0000000000414000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081589581.0000000000418000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081604105.000000000041B000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_400000_Opera_GX_assistant_73.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: ??3@$FileTime$AttributesSystemlstrlen
                                                                                                                                                                                    • String ID: ;!@Install@!UTF-8!$;!@InstallEnd@!
                                                                                                                                                                                    • API String ID: 4038993085-372238525
                                                                                                                                                                                    • Opcode ID: 0ebd53fb5d47c7bf41de42006fbab05474753a9fdfed443cfd8ad3a1bb2eab0c
                                                                                                                                                                                    • Instruction ID: e37cdd1bb20b18eb0c9aa4d9d77910c01642be129359a522859184d78abb527a
                                                                                                                                                                                    • Opcode Fuzzy Hash: 0ebd53fb5d47c7bf41de42006fbab05474753a9fdfed443cfd8ad3a1bb2eab0c
                                                                                                                                                                                    • Instruction Fuzzy Hash: 8131377580021EAACF05EF92CD819EEBB75FF54318F10042BE811B22E1DB795A45DB58
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000000B.00000002.2081555260.0000000000401000.00000020.00000001.01000000.00000013.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081540884.0000000000400000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081574053.0000000000414000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081589581.0000000000418000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081604105.000000000041B000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_400000_Opera_GX_assistant_73.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: wsprintf$ExitProcesslstrcat
                                                                                                                                                                                    • String ID: 0x%p
                                                                                                                                                                                    • API String ID: 2530384128-1745605757
                                                                                                                                                                                    • Opcode ID: efaa74bb8e783b89e2550c26a3ba915e44d67ba2621a20dac2b5c57b7e42c894
                                                                                                                                                                                    • Instruction ID: 1314f2abe56a8853062125fdc791d10c761366de72a6b198a385f2dfa53c0856
                                                                                                                                                                                    • Opcode Fuzzy Hash: efaa74bb8e783b89e2550c26a3ba915e44d67ba2621a20dac2b5c57b7e42c894
                                                                                                                                                                                    • Instruction Fuzzy Hash: 4E1142B1800208AFDB20EFA4DE859DA77B8BF44304F10447BE645E3591DB74AA948F69
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • memset.MSVCRT ref: 00407DE5
                                                                                                                                                                                    • SHBrowseForFolderW.SHELL32(?), ref: 00407DFE
                                                                                                                                                                                    • SHGetPathFromIDListW.SHELL32(00000000,00000000), ref: 00407E1A
                                                                                                                                                                                    • SHGetMalloc.SHELL32(00000000), ref: 00407E44
                                                                                                                                                                                      • Part of subcall function 00407BBF: GetDlgItem.USER32(?,000004B6), ref: 00407BCC
                                                                                                                                                                                      • Part of subcall function 00407BBF: SetFocus.USER32(00000000,?,?,00407CB3,000004B6,?), ref: 00407BD3
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000000B.00000002.2081555260.0000000000401000.00000020.00000001.01000000.00000013.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081540884.0000000000400000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081574053.0000000000414000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081589581.0000000000418000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081604105.000000000041B000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_400000_Opera_GX_assistant_73.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: BrowseFocusFolderFromItemListMallocPathmemset
                                                                                                                                                                                    • String ID: A
                                                                                                                                                                                    • API String ID: 1557639607-3554254475
                                                                                                                                                                                    • Opcode ID: 2b098266b39b3f668ca56778adddcd14bb4c1f8d57c6151e1855998d85c55c2b
                                                                                                                                                                                    • Instruction ID: a4824954b2f530c4be457b4d48ab3620df28fe7afd7e0c092b1d321795545aed
                                                                                                                                                                                    • Opcode Fuzzy Hash: 2b098266b39b3f668ca56778adddcd14bb4c1f8d57c6151e1855998d85c55c2b
                                                                                                                                                                                    • Instruction Fuzzy Hash: 58112471A042049BDB10DBA5D988BDE77BCAB84744F1000B9E905E7280DB78EF44CBB5
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • ExpandEnvironmentStringsW.KERNEL32(00000000,?,00000001,00000000,?,?,?), ref: 00402BCE
                                                                                                                                                                                    • ??3@YAXPAX@Z.MSVCRT ref: 00402BD7
                                                                                                                                                                                      • Part of subcall function 0040119E: ??2@YAPAXI@Z.MSVCRT ref: 004011BE
                                                                                                                                                                                      • Part of subcall function 0040119E: ??3@YAXPAX@Z.MSVCRT ref: 004011E4
                                                                                                                                                                                    • ExpandEnvironmentStringsW.KERNEL32(SetEnvironment,00000000,00000001,00000001,SetEnvironment), ref: 00402BEF
                                                                                                                                                                                    • ??3@YAXPAX@Z.MSVCRT ref: 00402C0F
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000000B.00000002.2081555260.0000000000401000.00000020.00000001.01000000.00000013.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081540884.0000000000400000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081574053.0000000000414000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081589581.0000000000418000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081604105.000000000041B000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_400000_Opera_GX_assistant_73.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: ??3@$EnvironmentExpandStrings$??2@
                                                                                                                                                                                    • String ID: SetEnvironment
                                                                                                                                                                                    • API String ID: 612612615-360490078
                                                                                                                                                                                    • Opcode ID: a2a4f3360b3c8d56214f59353e34f3ca1856ba1f341c44cfbe288398d993be4c
                                                                                                                                                                                    • Instruction ID: 7a1986039434bfea8fb976bad68b9fec1708bfa62b9b7c4d92bd289c52dd9e7c
                                                                                                                                                                                    • Opcode Fuzzy Hash: a2a4f3360b3c8d56214f59353e34f3ca1856ba1f341c44cfbe288398d993be4c
                                                                                                                                                                                    • Instruction Fuzzy Hash: BE015272D04108BADB15AF95ED85DEEB77CAF44314F10406BF901F31D1EBB46A808A98
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

APIs
• lstrlenW.KERNEL32(004183B0,00000020,-00000002,-00000004,0040601F,-00000002,?,?,00000000,0000000A), ref: 00404690
• ??3@YAXPAX@Z.MSVCRT ref: 00404742
• ??3@YAXPAX@Z.MSVCRT ref: 0040474A
• ??3@YAXPAX@Z.MSVCRT ref: 00404759
• ??3@YAXPAX@Z.MSVCRT ref: 00404761
Memory Dump Source
• Source File: 0000000B.00000002.2081555260.0000000000401000.00000020.00000001.01000000.00000013.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000000B.00000002.2081540884.0000000000400000.00000002.00000001.01000000.00000013.sdmp
• Associated: 0000000B.00000002.2081574053.0000000000414000.00000002.00000001.01000000.00000013.sdmp
• Associated: 0000000B.00000002.2081589581.0000000000418000.00000004.00000001.01000000.00000013.sdmp
• Associated: 0000000B.00000002.2081604105.000000000041B000.00000002.00000001.01000000.00000013.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_400000_Opera_GX_assistant_73.jbxd
Similarity
• API ID: ??3@$lstrlen
• String ID:
• API String ID: 2031685711-0
• Opcode ID: 679261e20d504ff0fa30c22afcfcc88d279783148817cbf2474602e6ce08a9f1
• Instruction ID: e452c8b9580ad5b4e9c5ad8253c2bd18b5e641b8773d8d819885c06dfbd1aa5e
• Opcode Fuzzy Hash: 679261e20d504ff0fa30c22afcfcc88d279783148817cbf2474602e6ce08a9f1
• Instruction Fuzzy Hash: 8F21F7B6D00204ABCF206FA0C805AEB77A8EF96354F14487BEA41B72D1E77D59858698
Uniqueness
Uniqueness Score: -1.00%

APIs
  • Part of subcall function 00407A9A: GetSystemMetrics.USER32(0000000B), ref: 00407AC2
  • Part of subcall function 00407A9A: GetSystemMetrics.USER32(0000000C), ref: 00407ACB
• GetSystemMetrics.USER32(00000007), ref: 004080C7
• GetSystemMetrics.USER32(00000007), ref: 004080D8
• ??3@YAXPAX@Z.MSVCRT ref: 0040819F
Strings
Memory Dump Source
• Source File: 0000000B.00000002.2081555260.0000000000401000.00000020.00000001.01000000.00000013.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000000B.00000002.2081540884.0000000000400000.00000002.00000001.01000000.00000013.sdmp
• Associated: 0000000B.00000002.2081574053.0000000000414000.00000002.00000001.01000000.00000013.sdmp
• Associated: 0000000B.00000002.2081589581.0000000000418000.00000004.00000001.01000000.00000013.sdmp
• Associated: 0000000B.00000002.2081604105.000000000041B000.00000002.00000001.01000000.00000013.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_400000_Opera_GX_assistant_73.jbxd
Similarity
• API ID: MetricsSystem$??3@
• String ID: 100%%
• API String ID: 2562992111-568723177
• Opcode ID: 1d3356155171d20d1060961e5db07983a5804e7e0261b83f935505b6160bc46f
• Instruction ID: 361b5331053c267c82135be000a438b6f2aafb9a8e426eb0e0de44657c638489
• Opcode Fuzzy Hash: 1d3356155171d20d1060961e5db07983a5804e7e0261b83f935505b6160bc46f
• Instruction Fuzzy Hash: 1031A271A007059FCB20DF69CE459AEB7F4AF50708B10052ED582A62D1DB74FE45CBA9
Uniqueness
Uniqueness Score: -1.00%

APIs
  • Part of subcall function 00407CB6: GetSystemMetrics.USER32(00000010), ref: 00407CF8
  • Part of subcall function 00407CB6: GetSystemMetrics.USER32(00000011), ref: 00407D06
• wsprintfW.USER32 ref: 00404F48
• ??3@YAXPAX@Z.MSVCRT ref: 00404F85
Strings
Memory Dump Source
• Source File: 0000000B.00000002.2081555260.0000000000401000.00000020.00000001.01000000.00000013.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000000B.00000002.2081540884.0000000000400000.00000002.00000001.01000000.00000013.sdmp
• Associated: 0000000B.00000002.2081574053.0000000000414000.00000002.00000001.01000000.00000013.sdmp
• Associated: 0000000B.00000002.2081589581.0000000000418000.00000004.00000001.01000000.00000013.sdmp
• Associated: 0000000B.00000002.2081604105.000000000041B000.00000002.00000001.01000000.00000013.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_400000_Opera_GX_assistant_73.jbxd
Similarity
• API ID: MetricsSystem$??3@wsprintf
• String ID: %X - %03X - %03X - %03X - %03X$xSA
• API String ID: 1174869416-2200552790
• Opcode ID: 4acf813f402e01dbded71cb55099d196ab8731fd289f29243308cef7e3c24851
• Instruction ID: 40de33091f6d7bfb9cb16c884b275a10ef5d6579019540d7c3242ae87892468d
• Opcode Fuzzy Hash: 4acf813f402e01dbded71cb55099d196ab8731fd289f29243308cef7e3c24851
• Instruction Fuzzy Hash: 8D117C71D4421CABDB11AB90DD46FEDB334BB44708F20417EB6597A0E2DBB82A44CB99
Uniqueness
Uniqueness Score: -1.00%

APIs
• lstrlenW.KERNEL32(|g@,00000000,?,00000000,0040428E,00000000,00000000,0040677C,?,waitall,00000000,00000000,?,?,004187D0), ref: 00404254
• lstrlenW.KERNEL32(?,?,?,004187D0), ref: 0040425D
• _wcsnicmp.MSVCRT ref: 00404269
Strings
Memory Dump Source
• Source File: 0000000B.00000002.2081555260.0000000000401000.00000020.00000001.01000000.00000013.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000000B.00000002.2081540884.0000000000400000.00000002.00000001.01000000.00000013.sdmp
• Associated: 0000000B.00000002.2081574053.0000000000414000.00000002.00000001.01000000.00000013.sdmp
• Associated: 0000000B.00000002.2081589581.0000000000418000.00000004.00000001.01000000.00000013.sdmp
• Associated: 0000000B.00000002.2081604105.000000000041B000.00000002.00000001.01000000.00000013.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_400000_Opera_GX_assistant_73.jbxd
Similarity
• API ID: lstrlen$_wcsnicmp
• String ID: |g@
• API String ID: 2823567412-4274713814
• Opcode ID: 8992e580c2879bf2cf1974d0f1fd0d83e29de68f0bfec66311d505a649ea88d3
• Instruction ID: 91fd41af1b4c5a631b7d1c9a566814b64cdbe312f0f5f3dcf94e635f0d89012e
• Opcode Fuzzy Hash: 8992e580c2879bf2cf1974d0f1fd0d83e29de68f0bfec66311d505a649ea88d3
• Instruction Fuzzy Hash: 13E04F726042155BCA008BA5AC84C4B7BADEAC8399B14087AF700D2161E735D8158BB5
Uniqueness
Uniqueness Score: -1.00%

APIs
• LoadLibraryA.KERNEL32(kernel32,Wow64RevertWow64FsRedirection,00406ACC,00000000,?,?), ref: 004023F4
• GetProcAddress.KERNEL32(00000000), ref: 004023FB
Strings
Memory Dump Source
• Source File: 0000000B.00000002.2081555260.0000000000401000.00000020.00000001.01000000.00000013.sdmp, Offset: 00400000, based on PE: true
• Associated: 0000000B.00000002.2081540884.0000000000400000.00000002.00000001.01000000.00000013.sdmp
• Associated: 0000000B.00000002.2081574053.0000000000414000.00000002.00000001.01000000.00000013.sdmp
• Associated: 0000000B.00000002.2081589581.0000000000418000.00000004.00000001.01000000.00000013.sdmp
• Associated: 0000000B.00000002.2081604105.000000000041B000.00000002.00000001.01000000.00000013.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_11_2_400000_Opera_GX_assistant_73.jbxd
Similarity
• API ID: AddressLibraryLoadProc
• String ID: Wow64RevertWow64FsRedirection$kernel32
• API String ID: 2574300362-3900151262
• Opcode ID: fc8a105a084ed9362e95b51bbe18b35c476ad17b6e1470a8481edb99e814b72d
• Instruction ID: e6431754f0bb42eea3281cd090f065db593f33429da415fe5b8d4e5d76c2fc8e
• Opcode Fuzzy Hash: fc8a105a084ed9362e95b51bbe18b35c476ad17b6e1470a8481edb99e814b72d
• Instruction Fuzzy Hash: 46D0C970281201BBD7541BB0EE0DBD636A9E7C0B0AF64C53AA510A00F1CFBC84C0CA2C
Uniqueness
Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • LoadLibraryA.KERNEL32(kernel32,Wow64DisableWow64FsRedirection,0040246B,?,00406A06,?,00000000,?,?), ref: 00402426
                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000), ref: 0040242D
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000000B.00000002.2081555260.0000000000401000.00000020.00000001.01000000.00000013.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081540884.0000000000400000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081574053.0000000000414000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081589581.0000000000418000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081604105.000000000041B000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_400000_Opera_GX_assistant_73.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: AddressLibraryLoadProc
                                                                                                                                                                                    • String ID: Wow64DisableWow64FsRedirection$kernel32
                                                                                                                                                                                    • API String ID: 2574300362-736604160
                                                                                                                                                                                    • Opcode ID: 37665ca539f3be4570db02a906197ebf596f47f328cc02b1eb8054edfcc0c386
                                                                                                                                                                                    • Instruction ID: 356b9ffe611459cab99037cfc994ce0ef5e0ec7a2b6c4e96b739cb0aff8c561e
                                                                                                                                                                                    • Opcode Fuzzy Hash: 37665ca539f3be4570db02a906197ebf596f47f328cc02b1eb8054edfcc0c386
                                                                                                                                                                                    • Instruction Fuzzy Hash: 60D0C9702812007BD7505BA4DD0DBC535A4ABD0B06F7080396114910E0CAFC8080C62D
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • ??3@YAXPAX@Z.MSVCRT ref: 00402F08
                                                                                                                                                                                      • Part of subcall function 00402B04: MultiByteToWideChar.KERNEL32(00000020,00000000,00000024,?,00000000,?,?,00000020,00000024,00000000,00402E66,?,?,00000000,00000000,00000000), ref: 00402B36
                                                                                                                                                                                    • ??3@YAXPAX@Z.MSVCRT ref: 00402E75
                                                                                                                                                                                    • ??3@YAXPAX@Z.MSVCRT ref: 00402E90
                                                                                                                                                                                    • ??3@YAXPAX@Z.MSVCRT ref: 00402E98
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000000B.00000002.2081555260.0000000000401000.00000020.00000001.01000000.00000013.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081540884.0000000000400000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081574053.0000000000414000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081589581.0000000000418000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081604105.000000000041B000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_400000_Opera_GX_assistant_73.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: ??3@$ByteCharMultiWide
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID: 1731127917-0
                                                                                                                                                                                    • Opcode ID: 0584d9ab257a190e7f513fa0c5a61e9cc9bc359e4559b65697e670358d67a84a
                                                                                                                                                                                    • Instruction ID: 1cb3068dceb16179bed37d7bcba6770f4cb49ce50885e45661cd5ff88b0b85c6
                                                                                                                                                                                    • Opcode Fuzzy Hash: 0584d9ab257a190e7f513fa0c5a61e9cc9bc359e4559b65697e670358d67a84a
                                                                                                                                                                                    • Instruction Fuzzy Hash: F3319172844119AADB04FBA6DD469EF73B8EF40318F10443FF857B25E1EA7CA9448698
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • GetTempPathW.KERNEL32(00000001,00000000,00000002,00000000,00406D34,00000000,?,?,00405397,?,7ZSfx%03x.cmd), ref: 00404594
                                                                                                                                                                                    • GetTempPathW.KERNEL32(00000001,00000000,00000001,?,?,00405397,?,7ZSfx%03x.cmd), ref: 004045B1
                                                                                                                                                                                    • wsprintfW.USER32 ref: 004045E7
                                                                                                                                                                                    • GetFileAttributesW.KERNEL32(?), ref: 00404602
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000000B.00000002.2081555260.0000000000401000.00000020.00000001.01000000.00000013.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081540884.0000000000400000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081574053.0000000000414000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081589581.0000000000418000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081604105.000000000041B000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_400000_Opera_GX_assistant_73.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: PathTemp$AttributesFilewsprintf
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID: 1746483863-0
                                                                                                                                                                                    • Opcode ID: 82427edfe5bfc4f19eec22ff1e03e6e09f811527fc585024896cf2e26f26031f
                                                                                                                                                                                    • Instruction ID: 38ee7099452fd1027c0558441710595ee25a108be248788551c438e886588400
                                                                                                                                                                                    • Opcode Fuzzy Hash: 82427edfe5bfc4f19eec22ff1e03e6e09f811527fc585024896cf2e26f26031f
                                                                                                                                                                                    • Instruction Fuzzy Hash: DB112472100204BFD7119F59DC84AADB7F8FF84354F10802EF905972E1DBB9A950CB98
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000000B.00000002.2081555260.0000000000401000.00000020.00000001.01000000.00000013.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081540884.0000000000400000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081574053.0000000000414000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081589581.0000000000418000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081604105.000000000041B000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_400000_Opera_GX_assistant_73.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: ??2@??3@ExceptionThrowmemcpy
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID: 3462485524-0
                                                                                                                                                                                    • Opcode ID: 8993675b501ddc973c06e67f6b830ad4b958660d0c75312d76430f3baba84cf0
                                                                                                                                                                                    • Instruction ID: a52cf72bba6676f7490f1024090531b7bd79135e1d2ccc858ac5def135e82823
                                                                                                                                                                                    • Opcode Fuzzy Hash: 8993675b501ddc973c06e67f6b830ad4b958660d0c75312d76430f3baba84cf0
                                                                                                                                                                                    • Instruction Fuzzy Hash: 7211E572600304ABCB289F56C9C1D5BF7E9AB84350710CA3FF919E7681C775E8864758
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                      • Part of subcall function 004071EC: GetDlgItem.USER32(?,?), ref: 004071F8
                                                                                                                                                                                      • Part of subcall function 00407209: GetDlgItem.USER32(?,?), ref: 00407216
                                                                                                                                                                                      • Part of subcall function 00407209: ShowWindow.USER32(00000000,?), ref: 0040722D
                                                                                                                                                                                    • GetSystemDirectoryW.KERNEL32(?,00000104), ref: 00408A77
                                                                                                                                                                                    • SHGetFileInfoW.SHELL32(?,00000000,?,000002B4,00000103), ref: 00408A97
                                                                                                                                                                                    • GetDlgItem.USER32(?,000004B7), ref: 00408AAA
                                                                                                                                                                                    • SetWindowLongW.USER32(00000000,000000FC,Function_00007852), ref: 00408AB8
                                                                                                                                                                                      • Part of subcall function 004086FE: GetModuleHandleW.KERNEL32(00000000,00000065,000004B7,?,?,?,?,?,00408AC8), ref: 00408727
                                                                                                                                                                                      • Part of subcall function 004086FE: LoadIconW.USER32(00000000), ref: 0040872A
                                                                                                                                                                                      • Part of subcall function 004086FE: GetSystemMetrics.USER32(00000032), ref: 0040873E
                                                                                                                                                                                      • Part of subcall function 004086FE: GetSystemMetrics.USER32(00000031), ref: 00408743
                                                                                                                                                                                      • Part of subcall function 004086FE: GetModuleHandleW.KERNEL32(00000000,00000065,00000001,00000000,?,?,?,?,?,00408AC8), ref: 0040874C
                                                                                                                                                                                      • Part of subcall function 004086FE: LoadImageW.USER32(00000000), ref: 0040874F
                                                                                                                                                                                      • Part of subcall function 004086FE: SendMessageW.USER32(?,00000080,00000001,?), ref: 0040876F
                                                                                                                                                                                      • Part of subcall function 004086FE: SendMessageW.USER32(?,00000080,00000000,00000000), ref: 00408778
                                                                                                                                                                                      • Part of subcall function 004086FE: GetDlgItem.USER32(?,000004B2), ref: 00408794
                                                                                                                                                                                      • Part of subcall function 004086FE: GetDlgItem.USER32(?,000004B2), ref: 0040879E
                                                                                                                                                                                      • Part of subcall function 004086FE: GetWindowLongW.USER32(?,000000F0), ref: 004087AA
                                                                                                                                                                                      • Part of subcall function 004086FE: SetWindowLongW.USER32(?,000000F0,00000000), ref: 004087B9
                                                                                                                                                                                      • Part of subcall function 004086FE: GetDlgItem.USER32(?,000004B5), ref: 004087C7
                                                                                                                                                                                      • Part of subcall function 004086FE: GetDlgItem.USER32(?,000004B5), ref: 004087D5
                                                                                                                                                                                      • Part of subcall function 004086FE: GetWindowLongW.USER32(?,000000F0), ref: 004087E1
                                                                                                                                                                                      • Part of subcall function 004086FE: SetWindowLongW.USER32(?,000000F0,00000000), ref: 004087F0
                                                                                                                                                                                      • Part of subcall function 00407BBF: GetDlgItem.USER32(?,000004B6), ref: 00407BCC
                                                                                                                                                                                      • Part of subcall function 00407BBF: SetFocus.USER32(00000000,?,?,00407CB3,000004B6,?), ref: 00407BD3
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000000B.00000002.2081555260.0000000000401000.00000020.00000001.01000000.00000013.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081540884.0000000000400000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081574053.0000000000414000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081589581.0000000000418000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081604105.000000000041B000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_400000_Opera_GX_assistant_73.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: Item$Window$Long$System$HandleLoadMessageMetricsModuleSend$DirectoryFileFocusIconImageInfoShow
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID: 3043669009-0
                                                                                                                                                                                    • Opcode ID: 1f0e94b95f020d3b8e77b37237e9aadbc50514f1cf521aa7691f1bf8f68bcbb1
                                                                                                                                                                                    • Instruction ID: 89f3b88826d8887572c5d6fe444f9f02d0f5d57ef80b66f4cb10b8e9da8ac73b
                                                                                                                                                                                    • Opcode Fuzzy Hash: 1f0e94b95f020d3b8e77b37237e9aadbc50514f1cf521aa7691f1bf8f68bcbb1
                                                                                                                                                                                    • Instruction Fuzzy Hash: BA11A975E403146BCB10EBA99C09FDA77FCAB84704F10447FB652E32D1DAB8E9408758
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • SystemParametersInfoW.USER32(00000029,000001F4,?,00000000), ref: 004070F1
                                                                                                                                                                                    • GetSystemMetrics.USER32(00000031), ref: 00407117
                                                                                                                                                                                    • CreateFontIndirectW.GDI32(?), ref: 00407126
                                                                                                                                                                                    • DeleteObject.GDI32(00000000), ref: 00407155
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000000B.00000002.2081555260.0000000000401000.00000020.00000001.01000000.00000013.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081540884.0000000000400000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081574053.0000000000414000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081589581.0000000000418000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081604105.000000000041B000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_400000_Opera_GX_assistant_73.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: System$CreateDeleteFontIndirectInfoMetricsObjectParameters
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID: 1900162674-0
                                                                                                                                                                                    • Opcode ID: ee45daaef24bc28aa4936f7b9027f65fc4e36ca63f23fb62e3441661ca62ae1a
                                                                                                                                                                                    • Instruction ID: 7ca149eb978450d9eaaa00a785ca09fbf38d10ddd3a5f9416087942f21ed5d96
                                                                                                                                                                                    • Opcode Fuzzy Hash: ee45daaef24bc28aa4936f7b9027f65fc4e36ca63f23fb62e3441661ca62ae1a
                                                                                                                                                                                    • Instruction Fuzzy Hash: 601133B5A00205EFDB149F94DC88FEAB7B8EB44300F0580AAED15A7391DB74AE44CB54
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • ScreenToClient.USER32(?,?), ref: 004085C3
                                                                                                                                                                                    • GetClientRect.USER32(?,?), ref: 004085D5
                                                                                                                                                                                    • PtInRect.USER32(?,?,?), ref: 004085E4
                                                                                                                                                                                      • Part of subcall function 00407FEB: KillTimer.USER32(?,00000001,?,004085F9), ref: 00407FF9
                                                                                                                                                                                    • CallNextHookEx.USER32(?,?,?), ref: 00408606
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000000B.00000002.2081555260.0000000000401000.00000020.00000001.01000000.00000013.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081540884.0000000000400000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081574053.0000000000414000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081589581.0000000000418000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081604105.000000000041B000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_400000_Opera_GX_assistant_73.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: ClientRect$CallHookKillNextScreenTimer
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID: 3015594791-0
                                                                                                                                                                                    • Opcode ID: 67cc68fca27d81dcad1998da31b7a21cb57a8bde74af4e36de8cdfd47b2d5014
                                                                                                                                                                                    • Instruction ID: a9507084e86a50c26018d12a95ccdb9cd04dbf8e5f515733648f13949fbe8a17
                                                                                                                                                                                    • Opcode Fuzzy Hash: 67cc68fca27d81dcad1998da31b7a21cb57a8bde74af4e36de8cdfd47b2d5014
                                                                                                                                                                                    • Instruction Fuzzy Hash: B1012931200109EFDB10AFA9EE44EEB7BA5FF44340B04843EF946A62A1DF35E851DB59
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                      • Part of subcall function 00403116: GetWindowTextLengthW.USER32(?), ref: 00403127
                                                                                                                                                                                      • Part of subcall function 00403116: GetWindowTextW.USER32(004031A0,00000000,00000001), ref: 00403144
                                                                                                                                                                                    • ??3@YAXPAX@Z.MSVCRT ref: 00404194
                                                                                                                                                                                    • ??3@YAXPAX@Z.MSVCRT ref: 0040419C
                                                                                                                                                                                    • SetWindowTextW.USER32(?,?), ref: 004041A9
                                                                                                                                                                                    • ??3@YAXPAX@Z.MSVCRT ref: 004041B4
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000000B.00000002.2081555260.0000000000401000.00000020.00000001.01000000.00000013.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081540884.0000000000400000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081574053.0000000000414000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081589581.0000000000418000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081604105.000000000041B000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_400000_Opera_GX_assistant_73.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: ??3@TextWindow$Length
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID: 2308334395-0
                                                                                                                                                                                    • Opcode ID: 5530cb6251c639925ee10925c66be952b479ff2269ea4a81fe523976cbf30cde
                                                                                                                                                                                    • Instruction ID: 8203e9935672bf19afbfd2d9b02dfcce5b04130e2821ee87a37bdffe64818393
                                                                                                                                                                                    • Opcode Fuzzy Hash: 5530cb6251c639925ee10925c66be952b479ff2269ea4a81fe523976cbf30cde
                                                                                                                                                                                    • Instruction Fuzzy Hash: 00F0FF72D0410CBACF01BFA1DD46CDE7BB8AE04348F10446AF505B20A1EB75AA948794
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • GetObjectW.GDI32(?,0000005C,?), ref: 00407960
                                                                                                                                                                                    • CreateFontIndirectW.GDI32(?), ref: 00407976
                                                                                                                                                                                    • GetDlgItem.USER32(?,000004B5), ref: 0040798A
                                                                                                                                                                                    • SendMessageW.USER32(00000000,00000030,00000000,00000000), ref: 00407996
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000000B.00000002.2081555260.0000000000401000.00000020.00000001.01000000.00000013.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081540884.0000000000400000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081574053.0000000000414000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081589581.0000000000418000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081604105.000000000041B000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_400000_Opera_GX_assistant_73.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: CreateFontIndirectItemMessageObjectSend
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID: 2001801573-0
                                                                                                                                                                                    • Opcode ID: cf5f9feb201e3eb52ad9ab8d19ded081f29c03fbfabb12ca70d1e47154dfdd2c
                                                                                                                                                                                    • Instruction ID: 6a17f5e8e35155f57439c70a91428e418c09d7387c40aa3fbc77a88a27bb5ba5
                                                                                                                                                                                    • Opcode Fuzzy Hash: cf5f9feb201e3eb52ad9ab8d19ded081f29c03fbfabb12ca70d1e47154dfdd2c
                                                                                                                                                                                    • Instruction Fuzzy Hash: 8DF054B1900704ABE7205BA9DD09FC77FBCAB84B01F048039BA11E21D5DBB4E401CA29
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • GetParent.USER32(?), ref: 00401DBE
                                                                                                                                                                                    • GetWindowRect.USER32(?,?), ref: 00401DD7
                                                                                                                                                                                    • ScreenToClient.USER32(00000000,?), ref: 00401DE5
                                                                                                                                                                                    • ScreenToClient.USER32(00000000,?), ref: 00401DEC
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000000B.00000002.2081555260.0000000000401000.00000020.00000001.01000000.00000013.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081540884.0000000000400000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081574053.0000000000414000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081589581.0000000000418000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081604105.000000000041B000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_400000_Opera_GX_assistant_73.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: ClientScreen$ParentRectWindow
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID: 2099118873-0
                                                                                                                                                                                    • Opcode ID: 9ac7bb66e59a287b07c9635548890c60333ad6437c4a5ad200794121c1393770
                                                                                                                                                                                    • Instruction ID: f8f94db76321b844ec6104e6d5447e13ac28992312c2680a702f521ad6fa1c41
                                                                                                                                                                                    • Opcode Fuzzy Hash: 9ac7bb66e59a287b07c9635548890c60333ad6437c4a5ad200794121c1393770
                                                                                                                                                                                    • Instruction Fuzzy Hash: CAE086722042166BD7105BE5FC88C8B7FBDEFC5766700447AF94592130C7309C10DA71
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                      • Part of subcall function 00410B43: ??2@YAPAXI@Z.MSVCRT ref: 00410B48
                                                                                                                                                                                    • ??3@YAXPAX@Z.MSVCRT ref: 0041130A
                                                                                                                                                                                      • Part of subcall function 0040D5B6: ??2@YAPAXI@Z.MSVCRT ref: 0040D5C9
                                                                                                                                                                                      • Part of subcall function 0040D5B6: memmove.MSVCRT ref: 0040D5E3
                                                                                                                                                                                      • Part of subcall function 0040D5B6: ??3@YAXPAX@Z.MSVCRT ref: 0040D5F3
                                                                                                                                                                                    • ??2@YAPAXI@Z.MSVCRT ref: 00411342
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000000B.00000002.2081555260.0000000000401000.00000020.00000001.01000000.00000013.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081540884.0000000000400000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081574053.0000000000414000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081589581.0000000000418000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081604105.000000000041B000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_400000_Opera_GX_assistant_73.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: ??2@$??3@$memmove
                                                                                                                                                                                    • String ID: t]A
                                                                                                                                                                                    • API String ID: 4294387087-2725727105
                                                                                                                                                                                    • Opcode ID: 28b8c6e6dd5745b9cd65de66c47c6ecf14d0a0dead238fcfffcedf5705f07637
                                                                                                                                                                                    • Instruction ID: 81c2ab0cc22745a9f4371f108cdfb949ce4a1963edcd174408460c6a5bfcd2f6
                                                                                                                                                                                    • Opcode Fuzzy Hash: 28b8c6e6dd5745b9cd65de66c47c6ecf14d0a0dead238fcfffcedf5705f07637
                                                                                                                                                                                    • Instruction Fuzzy Hash: DEB1D2B1900218DFCB14DF9AC8909DDBBB4BF58348F50813EF919A7261DB38A989CF54
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000000B.00000002.2081555260.0000000000401000.00000020.00000001.01000000.00000013.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081540884.0000000000400000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081574053.0000000000414000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081589581.0000000000418000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081604105.000000000041B000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_400000_Opera_GX_assistant_73.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: ??3@wsprintf
                                                                                                                                                                                    • String ID: (%d%s)
                                                                                                                                                                                    • API String ID: 3815514257-2087557067
                                                                                                                                                                                    • Opcode ID: 2d779ec3873a2fda28ba808a340ce29c8deb2edc06c71eb1e141682222f80fe9
                                                                                                                                                                                    • Instruction ID: 8a36046f79fd413c4cbdc181e856807dfed79737d16026c8b1b8b17132c7f2e7
                                                                                                                                                                                    • Opcode Fuzzy Hash: 2d779ec3873a2fda28ba808a340ce29c8deb2edc06c71eb1e141682222f80fe9
                                                                                                                                                                                    • Instruction Fuzzy Hash: E5F09671800218AFCF11BB55DD46EDEB7B8AF00308F1045BBB512B14E2DAB5A6548A58
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • MessageBoxA.USER32(00000000,Could not allocate memory,7-Zip SFX,00000010), ref: 004044BA
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000000B.00000002.2081555260.0000000000401000.00000020.00000001.01000000.00000013.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081540884.0000000000400000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081574053.0000000000414000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081589581.0000000000418000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    • Associated: 0000000B.00000002.2081604105.000000000041B000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_11_2_400000_Opera_GX_assistant_73.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: Message
                                                                                                                                                                                    • String ID: 7-Zip SFX$Could not allocate memory
                                                                                                                                                                                    • API String ID: 2030045667-3806377612
                                                                                                                                                                                    • Opcode ID: 330f658d4037a0d44fb23f8f268cc4495736feb570957682d21f2dac55989a64
                                                                                                                                                                                    • Instruction ID: 752229e11c10a15970a66ffa1679a9ec66b8eca087eb26f5146150477e14d876
                                                                                                                                                                                    • Opcode Fuzzy Hash: 330f658d4037a0d44fb23f8f268cc4495736feb570957682d21f2dac55989a64
                                                                                                                                                                                    • Instruction Fuzzy Hash: BBB011B03C0B0CBAE20003A08C0BFC020A00BC8F83F220822BA28EE0C0EAC800E0A00C
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    Execution Graph

                                                                                                                                                                                    Execution Coverage:4.2%
                                                                                                                                                                                    Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                    Signature Coverage:2.9%
                                                                                                                                                                                    Total number of Nodes:2000
                                                                                                                                                                                    Total number of Limit Nodes:9
70660 d65b49 70658->70660 70671 dc2320 70659->70671 70660->70649 70663 da8610 35 API calls 70664 d65dd2 70663->70664 70665 da8b80 35 API calls 70664->70665 70666 d65e06 70665->70666 70667 dc2320 177 API calls 70666->70667 70668 d65e0c 70667->70668 70669 da8610 35 API calls 70668->70669 70668->70670 70669->70670 70680 d65e80 70670->70680 70672 dc2377 70671->70672 70673 dba440 174 API calls 70672->70673 70674 dc2388 GetFileAttributesW 70673->70674 70676 dba4b0 166 API calls 70674->70676 70677 dc23a4 70676->70677 70678 e994aa _ValidateLocalCookies 5 API calls 70677->70678 70679 d65dbb 70678->70679 70679->70663 70679->70670 70681 e993de RaiseException EnterCriticalSection LeaveCriticalSection 70680->70681 70682 d65e9c 70681->70682 70708 d71ea0 204 API calls 70682->70708 70683 d65ec4 70684 d66280 IsProcessorFeaturePresent SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 70683->70684 70685 d65ecb 70684->70685 70686 dd11b0 121 API calls 70685->70686 70687 d65ed4 70686->70687 70688 db9420 35 API calls 70687->70688 70689 d65ef0 _strlen 70688->70689 70690 db9420 35 API calls 70689->70690 70691 d65f16 70690->70691 70692 da1a38 23 API calls 70691->70692 70693 d65f25 70692->70693 70694 da1878 23 API calls 70693->70694 70695 d65f67 _strlen 70694->70695 70696 db9420 35 API calls 70695->70696 70697 d6608a 70696->70697 70699 dd11b0 121 API calls 70697->70699 70707 d6616a 70697->70707 70698 da1a38 23 API calls 70700 d66193 70698->70700 70701 d66100 70699->70701 70702 e994aa _ValidateLocalCookies 5 API calls 70700->70702 70703 db9420 35 API calls 70701->70703 70704 d65e4f 70702->70704 70705 d6611c 70703->70705 70704->70658 70706 da1878 23 API calls 70705->70706 70706->70707 70707->70698 70708->70683 70712 d66497 70709->70712 70720 d6657c 70709->70720 70710 e994aa _ValidateLocalCookies 5 API calls 70711 d6661f 70710->70711 70711->70630 70713 da8b80 35 API calls 70712->70713 70714 d664f7 70713->70714 70757 daa590 70714->70757 70716 d66526 
70716->70720 70767 d72ea0 121 API calls _ValidateLocalCookies 70716->70767 70718 d66559 70718->70720 70768 d7238c 23 API calls 70718->70768 70720->70710 70722 d7fc28 70721->70722 70724 d7fc3c 70721->70724 70723 da8b80 35 API calls 70722->70723 70723->70724 70725 d7fc5b 70724->70725 70726 d7fc8a 70724->70726 70727 da8b80 35 API calls 70725->70727 70728 d7fcb5 70726->70728 70729 d7fc92 70726->70729 70747 d7fc6c 70727->70747 70730 db0ee0 191 API calls 70728->70730 70796 db9420 35 API calls CallUnexpected 70729->70796 70732 d7fcd0 70730->70732 70736 d63696 121 API calls 70732->70736 70754 d7fdf3 70732->70754 70733 d7fe38 _strlen 70797 db9420 35 API calls CallUnexpected 70733->70797 70734 e994aa _ValidateLocalCookies 5 API calls 70735 d7fc80 70734->70735 70735->70645 70738 d7fcf3 _strlen 70736->70738 70791 db7bc0 23 API calls _ValidateLocalCookies 70738->70791 70741 d7ff80 70745 d7febc 70741->70745 70799 da1ea8 23 API calls CatchIt 70741->70799 70742 da7cd0 35 API calls 70742->70747 70743 d7fd1f _strlen 70792 db7bc0 23 API calls _ValidateLocalCookies 70743->70792 70745->70742 70745->70747 70747->70734 70748 d7fd4a 70793 d7f9f0 121 API calls 70748->70793 70750 d7fd5a 70794 db7bc0 23 API calls _ValidateLocalCookies 70750->70794 70752 d7fd7d 70795 da9d80 35 API calls _ValidateLocalCookies 70752->70795 70754->70745 70798 d7f8e0 24 API calls 2 library calls 70754->70798 70755->70639 70758 daa5a0 70757->70758 70769 da9e40 70758->70769 70764 daa5e3 70790 eb1850 71 API calls 4 library calls 70764->70790 70766 daa5ee 70766->70716 70767->70718 70768->70720 70773 da9e5f 70769->70773 70770 da7fc0 35 API calls 70774 da9e8a 70770->70774 70771 e994aa _ValidateLocalCookies 5 API calls 70772 daa0f7 70771->70772 70772->70766 70775 dc3180 70772->70775 70773->70770 70773->70774 70774->70771 70776 dc31d6 70775->70776 70777 dba440 174 API calls 70776->70777 70778 dc31e5 _strlen 70777->70778 70779 db8e60 23 API calls 70778->70779 70780 dc3215 70779->70780 70781 da1cfa 23 API calls 
70780->70781 70782 dc3244 70781->70782 70783 eb03cc 92 API calls 70782->70783 70784 dc325f 70783->70784 70785 dba4b0 166 API calls 70784->70785 70786 dc327f 70785->70786 70787 e994aa _ValidateLocalCookies 5 API calls 70786->70787 70788 daa5d1 70787->70788 70788->70766 70789 daa330 186 API calls 3 library calls 70788->70789 70789->70764 70790->70766 70791->70743 70792->70748 70793->70750 70794->70752 70795->70754 70796->70733 70797->70754 70798->70741 70799->70745 70815 dfbd10 70800->70815 70803 dba473 70804 e994aa _ValidateLocalCookies 5 API calls 70803->70804 70806 dba47e GetFileAttributesW 70804->70806 70807 dba4b0 70806->70807 70808 dba4e8 70807->70808 70812 dba4d0 70807->70812 70904 dba5b0 159 API calls 2 library calls 70808->70904 70885 dfc080 70812->70885 70813 e994aa _ValidateLocalCookies 5 API calls 70814 dba4e2 70813->70814 70814->70544 70816 dfbd35 70815->70816 70818 dfbd7c 70815->70818 70862 dab640 7 API calls _ValidateLocalCookies 70816->70862 70822 dfbde8 70818->70822 70864 dab640 7 API calls _ValidateLocalCookies 70818->70864 70819 dfbd3f 70819->70818 70863 dab700 10 API calls 70819->70863 70847 de88c0 70822->70847 70823 dfbdab 70823->70822 70865 dab700 10 API calls 70823->70865 70827 dfbeba 70852 dbb5f0 TlsGetValue 70827->70852 70832 dfbed2 70834 dfbedb 70832->70834 70868 e32ce0 11 API calls 2 library calls 70832->70868 70833 dfbe78 70833->70827 70867 dab700 10 API calls 70833->70867 70837 dfbf1e 70834->70837 70839 dfbeeb 70834->70839 70844 dfbf13 70834->70844 70837->70844 70870 dfbfe0 35 API calls _ValidateLocalCookies 70837->70870 70839->70844 70869 dfbb10 11 API calls 2 library calls 70839->70869 70841 dfbf83 70842 e994aa _ValidateLocalCookies 5 API calls 70841->70842 70843 dba46a 70842->70843 70843->70803 70846 dba770 159 API calls 3 library calls 70843->70846 70844->70841 70871 de7de0 123 API calls _ValidateLocalCookies 70844->70871 70846->70803 70872 de7be0 70847->70872 70850 e994aa _ValidateLocalCookies 5 API calls 70851 de8912 70850->70851 
70851->70827 70866 dab640 7 API calls _ValidateLocalCookies 70851->70866 70853 dbb60b 70852->70853 70854 dbb614 70852->70854 70853->70854 70882 dbb3c0 25 API calls 4 library calls 70853->70882 70856 e43fd0 70854->70856 70857 e43fdf 70856->70857 70859 e4402b 70856->70859 70883 dab640 7 API calls _ValidateLocalCookies 70857->70883 70859->70832 70860 e43fe9 70860->70859 70884 dab700 10 API calls 70860->70884 70862->70819 70863->70818 70864->70823 70865->70822 70866->70833 70867->70827 70868->70834 70870->70844 70871->70841 70873 de7c03 70872->70873 70879 de7c27 70872->70879 70880 dbb250 TlsGetValue 70873->70880 70875 e994aa _ValidateLocalCookies 5 API calls 70876 de7cd6 70875->70876 70876->70850 70877 de7c08 70877->70879 70881 de7eb0 138 API calls 70877->70881 70879->70875 70880->70877 70881->70879 70882->70854 70883->70860 70884->70859 70905 de66b0 70885->70905 70887 dfc0af 70888 dfc106 70887->70888 70919 dab640 7 API calls _ValidateLocalCookies 70887->70919 70889 dbb5f0 26 API calls 70888->70889 70891 dfc11b 70889->70891 70910 de66e0 SetLastError 70891->70910 70893 dfc0c4 70893->70888 70920 dab700 10 API calls 70893->70920 70897 dfc135 70903 dfc174 70897->70903 70921 dfb750 35 API calls 2 library calls 70897->70921 70898 e994aa _ValidateLocalCookies 5 API calls 70900 dba4d7 70898->70900 70900->70813 70901 dfc160 70901->70903 70922 dfbb10 11 API calls 2 library calls 70901->70922 70913 de7cf0 70903->70913 70904->70812 70923 eaa7f2 70905->70923 70908 eaa7f2 __dosmaperr 11 API calls 70909 de66c4 GetLastError SetLastError 70908->70909 70909->70887 70911 eaa7f2 __dosmaperr 11 API calls 70910->70911 70912 de66f6 70911->70912 70912->70897 70914 de7d96 70913->70914 70915 de7d05 70913->70915 70914->70898 70915->70914 70916 de7d1e TryAcquireSRWLockExclusive 70915->70916 70918 de7d36 70916->70918 70917 de7d8d ReleaseSRWLockExclusive 70917->70914 70918->70917 70919->70893 70920->70888 70921->70901 70926 eb6fb1 11 API calls 3 library calls 70923->70926 70925 de66bb 70925->70908 
70926->70925 70927->70554 70928->70549 70930 da154c 70929->70930 70932 da1579 CatchIt 70930->70932 70933 da190e 23 API calls __fread_nolock 70930->70933 70932->70517 70933->70932 70935 e993de 3 API calls 70934->70935 70936 d85d3c 70935->70936 70936->70172 70942 db85f0 70937->70942 70940 e994aa _ValidateLocalCookies 5 API calls 70941 db85d9 70940->70941 70941->70185 70943 db8626 __fread_nolock 70942->70943 70944 de66b0 13 API calls 70943->70944 70945 db8654 70944->70945 70963 e9eea9 70945->70963 70947 db86a0 70948 db86b8 70947->70948 70951 db86bf 70947->70951 70959 db86d0 __fread_nolock 70947->70959 70967 da0920 70948->70967 70949 db867a 70949->70947 70966 e9ee85 46 API calls 70949->70966 70954 de66e0 12 API calls 70951->70954 70952 e993de 3 API calls 70952->70959 70955 db87c5 70954->70955 70956 e994aa _ValidateLocalCookies 5 API calls 70955->70956 70957 db85cc 70956->70957 70957->70940 70958 e9eea9 46 API calls 70958->70959 70959->70951 70959->70952 70959->70958 70960 db87a1 70959->70960 70971 e9ee85 46 API calls 70959->70971 70961 da0920 23 API calls 70960->70961 70961->70951 70972 e9f401 70963->70972 70965 e9eecb 70965->70949 70966->70947 70968 da0934 70967->70968 70970 da0967 __fread_nolock 70968->70970 71007 da09ae 70968->71007 70970->70951 70971->70959 70973 e9f40d 70972->70973 70974 e9f422 70972->70974 70975 eaa7f2 __dosmaperr 11 API calls 70973->70975 70976 e9f433 70974->70976 70979 e9f456 70974->70979 70977 e9f412 70975->70977 70978 eaa7f2 __dosmaperr 11 API calls 70976->70978 71001 e9f43c 70976->71001 71003 eabe02 22 API calls __strftime_l 70977->71003 70981 e9f4e0 70978->70981 70982 eaa7f2 __dosmaperr 11 API calls 70979->70982 71006 eabe02 22 API calls __strftime_l 70981->71006 70984 e9f45b 70982->70984 70983 e9f41d 70983->70965 70986 e9f468 70984->70986 70987 e9f495 70984->70987 71004 ea1946 46 API calls 3 library calls 70986->71004 71005 ea1946 46 API calls 3 library calls 70987->71005 70990 e9f4a7 70992 e9f4cf 70990->70992 70994 e9f4b9 70990->70994 
70991 e9f47a 70991->70992 70993 e9f482 70991->70993 70999 eaa7f2 __dosmaperr 11 API calls 70992->70999 70992->71001 70995 eaa7f2 __dosmaperr 11 API calls 70993->70995 70996 eaa7f2 __dosmaperr 11 API calls 70994->70996 70997 e9f487 70995->70997 70998 e9f4be 70996->70998 71000 eaa7f2 __dosmaperr 11 API calls 70997->71000 70997->71001 70998->71001 71002 eaa7f2 __dosmaperr 11 API calls 70998->71002 70999->70981 71000->71001 71001->70965 71002->71001 71003->70983 71004->70991 71005->70990 71006->71001 71008 da09cc 71007->71008 71009 da0a9d 71007->71009 71011 e993de 3 API calls 71008->71011 71013 da0494 23 API calls 71009->71013 71012 da0a08 __fread_nolock 71011->71012 71012->70970 71015 da0648 71014->71015 71016 da09ae 23 API calls 71015->71016 71017 da0675 CatchIt 71015->71017 71016->71017 71017->70338 71018->70347 71021 ddffb4 71020->71021 71048 ddf782 71021->71048 71025 ddffee __fread_nolock 71140 e1c768 71025->71140 71027 de0035 GetCurrentProcessId 71143 db3aa0 71027->71143 71029 de0045 __fread_nolock 71030 e1c768 3 API calls 71029->71030 71031 de007b 71030->71031 71153 de1ee0 71031->71153 71033 de0095 __fread_nolock 71034 e1c768 3 API calls 71033->71034 71035 de00cb 71034->71035 71036 de0163 71035->71036 71037 e993de 3 API calls 71035->71037 71039 e994aa _ValidateLocalCookies 5 API calls 71036->71039 71038 de0103 71037->71038 71156 e27b42 71038->71156 71040 de0178 71039->71040 71040->70358 71042 de0123 71159 de0242 71042->71159 71046 de015c 71190 de0353 121 API calls _ValidateLocalCookies 71046->71190 71049 ddf7b2 71048->71049 71050 da73d0 3 API calls 71049->71050 71051 ddf7d5 71050->71051 71052 ddf7ea 71051->71052 71053 ddfb16 71051->71053 71135 d89030 240 API calls 71052->71135 71055 ddfb6c 71053->71055 71056 ddfb3f 71053->71056 71054 ddf802 71060 da7cd0 35 API calls 71054->71060 71062 ddf828 71054->71062 71071 ddfdf1 71055->71071 71191 d86204 71055->71191 71057 de01db 14 API calls 71056->71057 71058 ddfb44 71057->71058 71277 db8e60 71058->71277 71060->71062 
71063 ddf860 71062->71063 71070 ddf8a1 71062->71070 71065 da7cd0 35 API calls 71063->71065 71078 ddf878 71065->71078 71066 ddfc9f 71072 d63696 121 API calls 71066->71072 71068 d63696 121 API calls 71073 ddfbf3 71068->71073 71076 ddf896 71070->71076 71087 ddf8f2 71070->71087 71077 e994aa _ValidateLocalCookies 5 API calls 71071->71077 71074 ddfcaf 71072->71074 71075 d868a0 35 API calls 71073->71075 71080 da0aa2 23 API calls 71074->71080 71110 ddfbfd 71075->71110 71076->71070 71081 da7cd0 35 API calls 71076->71081 71089 ddfed8 71076->71089 71082 ddfecd 71077->71082 71264 dc2df0 195 API calls _ValidateLocalCookies 71078->71264 71084 ddfcbb 71080->71084 71081->71087 71136 e1c50c 71082->71136 71083 ddf920 71266 da04ce 71083->71266 71197 d868a0 71084->71197 71265 ddf1b4 306 API calls 3 library calls 71087->71265 71090 ddfedb 71089->71090 71091 d63696 121 API calls 71091->71110 71092 ddf93b __fread_nolock 71100 ddf976 GetModuleFileNameW 71092->71100 71116 ddf9b8 71092->71116 71093 ddfce3 71204 de01db 71093->71204 71096 d86204 23 API calls 71099 ddf9e7 71096->71099 71098 da0920 23 API calls 71098->71110 71103 ddf9ef 71099->71103 71104 ddfb74 71099->71104 71100->71090 71105 ddf98e 71100->71105 71101 ddfd45 71108 de01db 14 API calls 71101->71108 71102 d868a0 35 API calls 71102->71110 71107 d63696 121 API calls 71103->71107 71106 da8610 35 API calls 71104->71106 71112 da7cd0 35 API calls 71105->71112 71109 ddfb8c 71106->71109 71111 ddf9ff 71107->71111 71113 ddfd58 71108->71113 71114 da8b80 35 API calls 71109->71114 71110->71066 71110->71091 71110->71098 71110->71102 71115 da0aa2 23 API calls 71111->71115 71112->71116 71274 ddc49e 23 API calls 71113->71274 71128 ddfafb 71114->71128 71118 ddfa0b 71115->71118 71116->71096 71120 d868a0 35 API calls 71118->71120 71119 ddfd60 71275 db92e0 23 API calls 71119->71275 71122 ddfa34 71120->71122 71123 d63696 121 API calls 71122->71123 71132 ddfabc 71122->71132 71125 ddfa7c 71123->71125 71124 d63696 121 API calls 71126 ddfaee 71124->71126 
71129 da0920 23 API calls 71125->71129 71127 d868a0 35 API calls 71126->71127 71127->71128 71128->71055 71130 ddfa94 71129->71130 71131 d868a0 35 API calls 71130->71131 71131->71132 71132->71124 71133 ddfd79 71276 d710fe 5 API calls _ValidateLocalCookies 71133->71276 71135->71054 71137 e1c515 71136->71137 71138 e993de 3 API calls 71137->71138 71139 e1c523 71137->71139 71138->71139 71139->71025 71141 e1c50c 3 API calls 71140->71141 71142 e1c779 71141->71142 71142->71027 71144 db3ae0 71143->71144 71144->71144 71145 db3b22 71144->71145 71146 db3b94 71144->71146 71148 e993de 3 API calls 71145->71148 71150 db3b27 __fread_nolock 71145->71150 71757 da0494 23 API calls 71146->71757 71148->71150 71151 e994aa _ValidateLocalCookies 5 API calls 71150->71151 71152 db3b8a 71151->71152 71152->71029 71758 dc8690 71153->71758 71767 e273d8 71156->71767 71160 de02b5 71159->71160 71163 de025d 71159->71163 71161 e994aa _ValidateLocalCookies 5 API calls 71160->71161 71162 de0142 71161->71162 71165 e2880a 71162->71165 71968 e2870c 71163->71968 71166 e28358 136 API calls 71165->71166 71167 e28853 71166->71167 71168 e288a0 71167->71168 71169 e287cc 126 API calls 71167->71169 71170 e288c8 71168->71170 71184 e28893 71168->71184 71171 e28873 71169->71171 71172 e28358 136 API calls 71170->71172 71171->71170 71173 e28882 71171->71173 71175 e28915 71172->71175 71176 e5a9da 125 API calls 71173->71176 71174 e994aa _ValidateLocalCookies 5 API calls 71177 e288bc 71174->71177 71178 e287cc 126 API calls 71175->71178 71181 e28951 71175->71181 71179 e2888a 71176->71179 71177->71046 71182 e28931 71178->71182 71183 e46537 128 API calls 71179->71183 71180 e28986 71181->71180 71185 e994aa _ValidateLocalCookies 5 API calls 71181->71185 71182->71180 71186 e5a9da 125 API calls 71182->71186 71183->71184 71184->71174 71187 e2897a 71185->71187 71188 e28948 71186->71188 71187->71046 71189 e46537 128 API calls 71188->71189 71189->71181 71190->71036 71192 d86253 71191->71192 71193 d86221 71191->71193 71192->71066 
71192->71068 71283 d65706 RaiseException EnterCriticalSection LeaveCriticalSection 71193->71283 71195 d86232 71195->71192 71196 da04ce 23 API calls 71195->71196 71196->71195 71199 d868e9 71197->71199 71203 d868c6 71197->71203 71198 d869fb 71199->71198 71284 d64170 35 API calls CallUnexpected 71199->71284 71201 e994aa _ValidateLocalCookies 5 API calls 71202 d869f1 71201->71202 71202->71093 71203->71201 71205 ddfd0d 71204->71205 71206 de0204 71204->71206 71212 ddad1e GetCurrentProcessId 71205->71212 71207 e994e7 __Init_thread_header 6 API calls 71206->71207 71208 de020e 71207->71208 71208->71205 71209 e993de 3 API calls 71208->71209 71210 de0221 71209->71210 71211 e9955d __Init_thread_footer 5 API calls 71210->71211 71211->71205 71213 db8590 50 API calls 71212->71213 71217 ddad61 71213->71217 71215 db8e60 23 API calls 71215->71217 71217->71215 71218 ddb0ca 71217->71218 71221 ddaeae 71217->71221 71236 ddaedd 71217->71236 71285 e1c868 71217->71285 71290 e1cb18 71217->71290 71495 e1c794 71217->71495 71222 ead9b4 CallUnexpected 34 API calls 71218->71222 71219 ddaefd CreateEventW CreateEventW CreateEventW 71298 ddb0cf 71219->71298 71512 dfd580 122 API calls 71221->71512 71223 ddb0cf 71222->71223 71515 e1cdd8 GetVersion 71223->71515 71227 ddaf57 SetUnhandledExceptionFilter 71230 eb3723 13 API calls 71227->71230 71228 ddaec6 71235 d61741 121 API calls 71228->71235 71232 ddaf6e 71230->71232 71231 e993de 3 API calls 71233 ddb0e7 71231->71233 71234 e993de 3 API calls 71232->71234 71233->71101 71237 ddaf78 71234->71237 71235->71236 71236->71219 71238 da04ce 23 API calls 71237->71238 71239 ddafb6 71238->71239 71303 ddc972 71239->71303 71242 d86204 23 API calls 71243 ddaff1 71242->71243 71309 d64418 71243->71309 71245 ddaffc 71246 da13a0 23 API calls 71245->71246 71247 ddb007 71246->71247 71248 ddb0a1 71247->71248 71249 ddb023 CreateThread 71247->71249 71313 ddb18d 71248->71313 71513 ddb0fc 177 API calls 2 library calls 71249->71513 71252 ddb0ad 71253 e994aa _ValidateLocalCookies 
5 API calls 71252->71253 71255 ddb0be 71253->71255 71254 ddb046 71254->71252 71256 ddb093 71254->71256 71514 dac840 GetLastError 71254->71514 71255->71101 71256->71252 71264->71076 71265->71083 71267 da04fa 71266->71267 71273 da04ea __fread_nolock 71266->71273 71268 da0502 71267->71268 71269 da0554 71267->71269 71272 e993de 3 API calls 71268->71272 71268->71273 71749 da0494 23 API calls 71269->71749 71272->71273 71273->71092 71274->71119 71275->71133 71276->71071 71750 db8ac0 71277->71750 71280 e994aa _ValidateLocalCookies 5 API calls 71281 db8ea9 71280->71281 71282 ddc3b6 142 API calls _ValidateLocalCookies 71281->71282 71282->71071 71283->71195 71284->71203 71286 e1c87f 71285->71286 71289 e1c89b 71286->71289 71538 db1b70 71286->71538 71544 da06ea 71286->71544 71289->71217 71291 e1cb49 GetVersion 71290->71291 71293 e1cb73 CreateNamedPipeW 71290->71293 71292 e1cb5e 71291->71292 71291->71293 71559 e1cbc3 71292->71559 71296 e994aa _ValidateLocalCookies 5 API calls 71293->71296 71297 e1cbb9 71296->71297 71297->71217 71299 e1cdd8 129 API calls 71298->71299 71300 ddb0dd 71299->71300 71301 e993de 3 API calls 71300->71301 71302 ddb0e7 71301->71302 71302->71227 71304 ddc9ba 71303->71304 71308 ddc992 71303->71308 71305 e994aa _ValidateLocalCookies 5 API calls 71304->71305 71307 ddafe6 71305->71307 71307->71242 71308->71304 71593 ddc9ce 23 API calls _ValidateLocalCookies 71308->71593 71310 d64435 71309->71310 71311 d64446 71309->71311 71594 d65706 RaiseException EnterCriticalSection LeaveCriticalSection 71310->71594 71311->71245 71314 ddb1b1 71313->71314 71317 ddc36e 71314->71317 71595 e1cf24 71314->71595 71316 ddb23b 71319 d63696 121 API calls 71316->71319 71334 ddb287 71316->71334 71318 ead9b4 CallUnexpected 34 API calls 71317->71318 71321 ddc385 71318->71321 71322 ddb263 71319->71322 71320 db8e60 23 API calls 71328 ddb1d6 71320->71328 71692 ddcc9a 23 API calls _ValidateLocalCookies 71322->71692 71323 d63696 121 API calls 71326 ddb2d6 71323->71326 71325 e1cf24 23 API calls 
71325->71328 71693 ddcc9a 23 API calls _ValidateLocalCookies 71326->71693 71327 ddb276 71331 e1cf24 23 API calls 71327->71331 71328->71316 71328->71320 71328->71325 71329 d63696 121 API calls 71332 ddb349 71329->71332 71331->71334 71694 ddcc9a 23 API calls _ValidateLocalCookies 71332->71694 71333 ddb2e9 71336 e1cf24 23 API calls 71333->71336 71334->71323 71338 ddb2fa 71334->71338 71336->71338 71337 ddb35c 71341 e1cf24 23 API calls 71337->71341 71338->71329 71346 ddb36d 71338->71346 71339 ddb643 GetCurrentProcessId OpenProcess 71342 ddb65f 71339->71342 71350 ddb71f 71339->71350 71341->71346 71599 e1d35e 71342->71599 71343 d63696 121 API calls 71373 ddb5c5 71343->71373 71344 db8e60 23 API calls 71345 ddb3cc 71344->71345 71347 d63696 121 API calls 71345->71347 71346->71344 71382 ddb404 71346->71382 71351 ddb3e2 71347->71351 71349 ddb776 71710 ddcc1a 128 API calls 71349->71710 71350->71349 71699 dac840 GetLastError 71350->71699 71695 ddcc9a 23 API calls _ValidateLocalCookies 71351->71695 71353 da0920 23 API calls 71353->71382 71357 e1cf24 23 API calls 71357->71373 71360 ddb3f3 71364 e1cf24 23 API calls 71360->71364 71361 d63696 121 API calls 71365 ddb6d4 71361->71365 71362 ddbd4f 71367 e994aa _ValidateLocalCookies 5 API calls 71362->71367 71364->71382 71372 da0920 23 API calls 71365->71372 71366 db8e60 23 API calls 71366->71382 71370 ddbd5d 71367->71370 71369 d63696 121 API calls 71369->71382 71370->71252 71375 ddb6f3 71372->71375 71373->71339 71373->71343 71373->71357 71698 ddcc9a 23 API calls _ValidateLocalCookies 71373->71698 71379 db8e60 23 API calls 71375->71379 71378 e1cf24 23 API calls 71378->71382 71380 ddb792 71379->71380 71381 e1cf24 23 API calls 71380->71381 71386 ddb7a3 71381->71386 71382->71353 71382->71366 71382->71369 71382->71373 71382->71378 71696 d6fbc0 23 API calls __fread_nolock 71382->71696 71697 ddcc9a 23 API calls _ValidateLocalCookies 71382->71697 71383 ddb7fa GetStdHandle GetStdHandle GetStdHandle 71384 ddb8bf 71383->71384 71385 ddc2d7 
71383->71385 71389 e994e7 __Init_thread_header 6 API calls 71384->71389 71394 ddb8e0 71384->71394 71387 e994e7 __Init_thread_header 6 API calls 71385->71387 71386->71383 71388 ddc2e1 71387->71388 71388->71384 71390 ddc2f1 71388->71390 71391 ddc326 71389->71391 71713 e1d41c LoadLibraryW GetProcAddress 71390->71713 71391->71394 71396 ddc33f 71391->71396 71397 ddc355 71391->71397 71393 ddb968 71408 ddb99f 71393->71408 71700 da1444 23 API calls __fread_nolock 71393->71700 71394->71393 71399 ddb9a6 GetLastError 71394->71399 71410 ddb919 71394->71410 71395 ddc302 71400 e9955d __Init_thread_footer 5 API calls 71395->71400 71714 e1d41c LoadLibraryW GetProcAddress 71396->71714 71403 e9955d __Init_thread_footer 5 API calls 71397->71403 71404 ddb9b5 71399->71404 71412 ddbc72 71399->71412 71405 ddc314 71400->71405 71401 ddc350 71401->71397 71403->71394 71411 ddb9be InitializeProcThreadAttributeList 71404->71411 71405->71384 71406 ddba45 71701 eb00e1 43 API calls 2 library calls 71406->71701 71407 ddbabd CreateProcessW 71409 ddbae7 CloseHandle 71407->71409 71421 ddbc15 71407->71421 71408->71407 71426 ddbafd 71409->71426 71414 dabec0 121 API calls 71410->71414 71420 ddb963 71410->71420 71415 ddb9de 71411->71415 71429 ddbd67 71411->71429 71412->71420 71708 dac840 GetLastError 71412->71708 71417 ddb945 71414->71417 71603 ddcfe4 71415->71603 71423 d61741 121 API calls 71417->71423 71419 ddbb3c 71430 ddbb57 CloseHandle 71419->71430 71703 daca90 123 API calls _ValidateLocalCookies 71419->71703 71420->71317 71425 ddbcdd 71420->71425 71421->71420 71706 dac840 GetLastError 71421->71706 71431 ddb959 71423->71431 71433 ddcfe4 14 API calls 71425->71433 71426->71419 71702 dac840 GetLastError 71426->71702 71429->71420 71711 dac840 GetLastError 71429->71711 71452 ddbb6d 71430->71452 71440 dac2a0 121 API calls 71431->71440 71434 ddbce9 71433->71434 71446 ddbcf3 71434->71446 71440->71420 71445 ddbba6 71456 ddbbbe 71445->71456 71705 daca90 123 API calls _ValidateLocalCookies 71445->71705 
71446->71434 71709 e1c79e 123 API calls _ValidateLocalCookies 71446->71709 71451 ddba0a 71451->71317 71465 ddba18 __fread_nolock 71451->71465 71466 e993de 3 API calls 71451->71466 71452->71445 71704 dac840 GetLastError 71452->71704 71621 ddc8a0 71456->71621 71458 ddbd1a 71458->71349 71465->71317 71472 ddbe90 __fread_nolock 71465->71472 71476 e993de 3 API calls 71465->71476 71466->71465 71470 ddbbd9 71633 e1c8a4 71470->71633 71472->71317 71478 ddbf80 __fread_nolock 71472->71478 71480 e993de 3 API calls 71472->71480 71476->71472 71478->71317 71481 ddc076 __fread_nolock 71478->71481 71483 e993de 3 API calls 71478->71483 71480->71478 71481->71317 71486 e993de 3 API calls 71481->71486 71487 ddc164 __fread_nolock 71481->71487 71483->71481 71484 ddc248 71485 ddce6a 166 API calls 71484->71485 71488 ddc256 71485->71488 71486->71487 71681 ddce6a 71487->71681 71489 ddce6a 166 API calls 71488->71489 71490 ddc264 UpdateProcThreadAttribute 71489->71490 71490->71393 71491 ddc292 71490->71491 71491->71420 71712 dac840 GetLastError 71491->71712 71496 e46537 71495->71496 71725 e5ac0e FindCloseChangeNotification 71496->71725 71499 e46549 71499->71217 71501 e465cf 71502 e994aa _ValidateLocalCookies 5 API calls 71501->71502 71503 e465d9 71502->71503 71503->71217 71504 e46576 71504->71501 71745 dac840 GetLastError 71504->71745 71512->71228 71513->71254 71516 e1ce99 InitializeCriticalSection 71515->71516 71517 e1ce08 71515->71517 71518 e1ce92 71516->71518 71517->71516 71519 e1ce16 71517->71519 71520 e994aa _ValidateLocalCookies 5 API calls 71518->71520 71521 e1ce37 InitializeCriticalSectionEx 71519->71521 71523 e994e7 __Init_thread_header 6 API calls 71519->71523 71522 ddb0dd 71520->71522 71521->71518 71525 e1ce4b 71521->71525 71522->71231 71524 e1cec3 71523->71524 71524->71521 71526 e1ced3 71524->71526 71525->71518 71747 dac840 GetLastError 71525->71747 71748 e1d41c LoadLibraryW GetProcAddress 71526->71748 71529 e1cee4 71531 e9955d __Init_thread_footer 5 API calls 71529->71531 71533 
                                                                                                                                                                                    APIs
                                                                                                                                                                                    • GetCurrentProcessId.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00DDB643
                                                                                                                                                                                    • OpenProcess.KERNEL32(001F0FFF,00000001,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00DDB651
                                                                                                                                                                                    • GetStdHandle.KERNEL32(000000F6), ref: 00DDB845
                                                                                                                                                                                    • GetStdHandle.KERNEL32(000000F5), ref: 00DDB850
                                                                                                                                                                                    • GetStdHandle.KERNEL32(000000F4), ref: 00DDB85B
                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 00DDB9A6
                                                                                                                                                                                    • InitializeProcThreadAttributeList.KERNEL32(00000000,00000001,00000000,?,?,?,?,?,?,00000000,00F14F64,00000000), ref: 00DDB9D0
                                                                                                                                                                                    • CreateProcessW.KERNELBASE(?,?,00000000,00000000,00000001,00000000,00000000,00000000,?,?), ref: 00DDBAD9
                                                                                                                                                                                    • CloseHandle.KERNEL32(?,?,?,00000000,00000000,00000001,00000000,00000000,00000000,?,?), ref: 00DDBAEE
                                                                                                                                                                                    • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,00000000,00F14F64,00000000), ref: 00DDBB5E
                                                                                                                                                                                    • UpdateProcThreadAttribute.KERNEL32(?,00000000,00020002,00000000,?,00000000,00000000,00000008,?,?,?,?,?,00000000,00F14F64,00000000), ref: 00DDC27E
                                                                                                                                                                                    • __Init_thread_header.LIBCMT ref: 00DDC2DC
                                                                                                                                                                                    • __Init_thread_footer.LIBCMT ref: 00DDC30F
                                                                                                                                                                                    • __Init_thread_header.LIBCMT ref: 00DDC321
                                                                                                                                                                                    • __Init_thread_footer.LIBCMT ref: 00DDC361
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000000C.00000002.2085338172.0000000000D61000.00000020.00000001.01000000.00000014.sdmp, Offset: 00D60000, based on PE: true
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085300221.0000000000D60000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085440415.0000000000EC7000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085440415.0000000000EF5000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085512444.0000000000F10000.00000008.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085542007.0000000000F11000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085566978.0000000000F1B000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_d60000_assistant_installer.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: Handle$Process$AttributeCloseInit_thread_footerInit_thread_headerProcThread$CreateCurrentErrorInitializeLastListOpenUpdate
                                                                                                                                                                                    • String ID: --initial-client-data=$../../third_party/crashpad/crashpad/client/crashpad_client_win.cc$::InitializeProcThreadAttributeList$::UpdateProcThreadAttribute$CloseHandle process$CloseHandle thread$CreateProcess$D$InitializeProcThreadAttributeList$InitializeProcThreadAttributeList (size)$InitializeProcThreadAttributeList (size) succeeded, expected failure$OpenProcess$UpdateProcThreadAttribute$annotation$attachment$crash-count-file$database$kernel32.dll$metrics-dir$rundll32.exe$url
                                                                                                                                                                                    • API String ID: 2411058256-4240345948
                                                                                                                                                                                    • Opcode ID: 26d8a23881e08117a3b82bd71a9c591e58002b9d9d65de3f382b33ea2f6e9aea
                                                                                                                                                                                    • Instruction ID: 78873b9ea5375b1655438c3dc4379aa2ae76c05c0263d49f33f7dfc5fac08778
                                                                                                                                                                                    • Opcode Fuzzy Hash: 26d8a23881e08117a3b82bd71a9c591e58002b9d9d65de3f382b33ea2f6e9aea
                                                                                                                                                                                    • Instruction Fuzzy Hash: 3BA2E5B1A083419FDB20DB24C841BAFB7E5AFD4714F05492EF88997381E771E945CBA2
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • GetModuleFileNameW.KERNEL32(00000000,?,00000104), ref: 00DDF1F4
                                                                                                                                                                                    • GetModuleFileNameW.KERNEL32(00000000,?,00000104,?,?,?,?,?,?), ref: 00DDF980
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000000C.00000002.2085338172.0000000000D61000.00000020.00000001.01000000.00000014.sdmp, Offset: 00D60000, based on PE: true
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085300221.0000000000D60000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085440415.0000000000EC7000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085440415.0000000000EF5000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085512444.0000000000F10000.00000008.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085542007.0000000000F11000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085566978.0000000000F1B000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_d60000_assistant_installer.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: FileModuleName
                                                                                                                                                                                    • String ID: --monitor-self$--monitor-self-annotation=ptype=$--monitor-self-argument=$--type=$--user-data-dir=$/prefetch:7$OPERA_CRASHPAD_PIPE_NAME$Win32$channel$crashpad-handler$crashpad_handler.exe$plat$prod$special$ver$`
                                                                                                                                                                                    • API String ID: 514040917-2528962922
                                                                                                                                                                                    • Opcode ID: 50b2e92f67f4ee38075fa5279f9eee5693d62a1cb656542e2fc5bf8b66d470bd
                                                                                                                                                                                    • Instruction ID: a713f7dc100f706fe287d8dd459e517de97e4daf5460810d7fc21304772b2825
                                                                                                                                                                                    • Opcode Fuzzy Hash: 50b2e92f67f4ee38075fa5279f9eee5693d62a1cb656542e2fc5bf8b66d470bd
                                                                                                                                                                                    • Instruction Fuzzy Hash: BA82AEB1908751AFDB11DF64C841A6BBBE4FF95304F04482EF48A97352D731EA49CBA2
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • GetCurrentProcessId.KERNEL32 ref: 00DDAD4F
                                                                                                                                                                                      • Part of subcall function 00E1C79E: CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000,00F14F64,00000000), ref: 00E1C7B4
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000000C.00000002.2085338172.0000000000D61000.00000020.00000001.01000000.00000014.sdmp, Offset: 00D60000, based on PE: true
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085300221.0000000000D60000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085440415.0000000000EC7000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085440415.0000000000EF5000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085512444.0000000000F10000.00000008.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085542007.0000000000F11000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085566978.0000000000F1B000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_d60000_assistant_installer.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: CloseCurrentHandleProcess
                                                                                                                                                                                    • String ID: $_$../../third_party/crashpad/crashpad/client/crashpad_client_win.cc$CreateNamedPipe$CreateThread$\\.\pipe\crashpad_%lu_
                                                                                                                                                                                    • API String ID: 2391145178-2138332405
                                                                                                                                                                                    • Opcode ID: 0810df00c573bb0c48d249ebe2308164a1d60af4556ceeaea9d5139c9330486a
                                                                                                                                                                                    • Instruction ID: 7a20eb4f072992c2066feb3d837f115313bf098830e62cec1b4dcbe44ca3a753
                                                                                                                                                                                    • Opcode Fuzzy Hash: 0810df00c573bb0c48d249ebe2308164a1d60af4556ceeaea9d5139c9330486a
                                                                                                                                                                                    • Instruction Fuzzy Hash: 8DB1B1B1A00704AFD720EF74C841BA6B7E9FF45314F04892EF55A97281EB71B915CB61
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • GetCurrentProcessId.KERNEL32 ref: 00DDAD4F
                                                                                                                                                                                      • Part of subcall function 00DA0D4E: _strlen.LIBCMT ref: 00DA0D5D
                                                                                                                                                                                    • CreateEventW.KERNEL32(0000000C,00000000,00000000,00000000), ref: 00DDAF29
                                                                                                                                                                                    • CreateEventW.KERNEL32(0000000C,00000000,00000000,00000000), ref: 00DDAF3A
                                                                                                                                                                                    • CreateEventW.KERNEL32(0000000C,00000000,00000000,00000000), ref: 00DDAF4B
                                                                                                                                                                                    • SetUnhandledExceptionFilter.KERNEL32(00DDC770), ref: 00DDAF5C
                                                                                                                                                                                    • CreateThread.KERNEL32(00000000,00000000,00DDB140,00000000,00000000,00000000), ref: 00DDB032
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000000C.00000002.2085338172.0000000000D61000.00000020.00000001.01000000.00000014.sdmp, Offset: 00D60000, based on PE: true
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085300221.0000000000D60000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085440415.0000000000EC7000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085440415.0000000000EF5000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085512444.0000000000F10000.00000008.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085542007.0000000000F11000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085566978.0000000000F1B000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_d60000_assistant_installer.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: Create$Event$CurrentExceptionFilterProcessThreadUnhandled_strlen
                                                                                                                                                                                    • String ID: $_$../../third_party/crashpad/crashpad/client/crashpad_client_win.cc$CreateNamedPipe$CreateThread$\\.\pipe\crashpad_%lu_
                                                                                                                                                                                    • API String ID: 1337974324-2138332405
                                                                                                                                                                                    • Opcode ID: 848d8edc59400a51650ba7ff1c8ffc1f5c842ae510386608a35978d562f628d5
                                                                                                                                                                                    • Instruction ID: 9da6d737656ddfc166c88e214c0707ac583de87e303e2d099ad175f9963b2018
                                                                                                                                                                                    • Opcode Fuzzy Hash: 848d8edc59400a51650ba7ff1c8ffc1f5c842ae510386608a35978d562f628d5
                                                                                                                                                                                    • Instruction Fuzzy Hash: E8B1C1B1600704AFD720EF78C881BA6B7E9FF45314F04892EF56A97291EB71B815CB61
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • GetModuleFileNameW.KERNEL32(00000000,?,00000104,?,?,?,?,?,?), ref: 00DDF980
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000000C.00000002.2085338172.0000000000D61000.00000020.00000001.01000000.00000014.sdmp, Offset: 00D60000, based on PE: true
• Associated: 0000000C.00000002.2085300221.0000000000D60000.00000002.00000001.01000000.00000014.sdmp
• Associated: 0000000C.00000002.2085440415.0000000000EC7000.00000002.00000001.01000000.00000014.sdmp
• Associated: 0000000C.00000002.2085440415.0000000000EF5000.00000002.00000001.01000000.00000014.sdmp
• Associated: 0000000C.00000002.2085512444.0000000000F10000.00000008.00000001.01000000.00000014.sdmp
• Associated: 0000000C.00000002.2085542007.0000000000F11000.00000004.00000001.01000000.00000014.sdmp
• Associated: 0000000C.00000002.2085566978.0000000000F1B000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_d60000_assistant_installer.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: FileModuleName
                                                                                                                                                                                    • String ID: --monitor-self$--monitor-self-annotation=ptype=$--monitor-self-argument=$--type=$--user-data-dir=$/prefetch:7$OPERA_CRASHPAD_PIPE_NAME$crashpad-handler
                                                                                                                                                                                    • API String ID: 514040917-1229799049
                                                                                                                                                                                    • Opcode ID: 9c2990d5576011c0b461e96039f205fb2838862e7c5b6c874b34c3b73d6bbf7c
                                                                                                                                                                                    • Instruction ID: 055f962b06cc068b4815c93aa494bfb39ac819925c8fd2cc34763c7fb14cebc9
                                                                                                                                                                                    • Opcode Fuzzy Hash: 9c2990d5576011c0b461e96039f205fb2838862e7c5b6c874b34c3b73d6bbf7c
                                                                                                                                                                                    • Instruction Fuzzy Hash: DF2291715083509FCB21DF24C881A6FBBE5EF95704F04886EF48A97352DB31E949CBA2
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • TryAcquireSRWLockExclusive.KERNEL32(05336D98,?,?,?,?,?,?,?,?,?,?,?,00D61118,00000005,?), ref: 00DB0F41
                                                                                                                                                                                    • ReleaseSRWLockExclusive.KERNEL32(05336D98,?,?,?,?,?,?,?,?,?,?,?,00D61118,00000005,?), ref: 00DB1075
                                                                                                                                                                                    • __Init_thread_header.LIBCMT ref: 00DB1262
                                                                                                                                                                                    • __Init_thread_footer.LIBCMT ref: 00DB12B9
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: ExclusiveLock$AcquireInit_thread_footerInit_thread_headerRelease
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID: 2580794422-0
                                                                                                                                                                                    • Opcode ID: 2951bfb8582d50727c27945eeef3e1452cb065d51b9b4477579a638fa7fced93
                                                                                                                                                                                    • Instruction ID: d84309dce09da729a1a2e4434a09f8f5f86fd6be0f3dc9410a66811b8d18e1da
                                                                                                                                                                                    • Opcode Fuzzy Hash: 2951bfb8582d50727c27945eeef3e1452cb065d51b9b4477579a638fa7fced93
                                                                                                                                                                                    • Instruction Fuzzy Hash: 08B10275B00249DBCF24DF64C8A1AEEB7B2AF85350B58812DE947A7241DB30ED45CBB1
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • GetCurrentProcess.KERNEL32(00EAD9F7,?,00EA7D1D,00EAC03F,?,00EAD9F7,00EAC03F,00EAD9F7,00000003), ref: 00EA7C87
                                                                                                                                                                                    • TerminateProcess.KERNEL32(00000000,?,00EA7D1D,00EAC03F,?,00EAD9F7,00EAC03F,00EAD9F7,00000003), ref: 00EA7C8E
                                                                                                                                                                                    • ExitProcess.KERNEL32 ref: 00EA7CA0
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: Process$CurrentExitTerminate
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID: 1703294689-0
                                                                                                                                                                                    • Opcode ID: 3be2e08aa3a6f084e7e43cc14cefc7880735c5f226bf5bc196514e23c83d5478
                                                                                                                                                                                    • Instruction ID: 782af07aab73586ffd094be30deb792a70e2f76b6d4f61db40f37945e65a210e
                                                                                                                                                                                    • Opcode Fuzzy Hash: 3be2e08aa3a6f084e7e43cc14cefc7880735c5f226bf5bc196514e23c83d5478
                                                                                                                                                                                    • Instruction Fuzzy Hash: 92E08C31004248AFDF12AF28CE0CA4D7BA8FB09351B018810F948AA131CF39ED82EB81
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • GetVersion.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,?), ref: 00E1CB49
                                                                                                                                                                                    • CreateNamedPipeW.KERNELBASE ref: 00E1CBA4
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: CreateNamedPipeVersion
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID: 1287812050-0
                                                                                                                                                                                    • Opcode ID: c17fbbe59f9f76d956dc0f142d487bcd18e602c188bf76568d1ddbeff87c50db
                                                                                                                                                                                    • Instruction ID: 10bac30a69f2c7a1e9a4d21b1a6d6651c3ba5f11f1ab880d76092e46a9f0627f
                                                                                                                                                                                    • Opcode Fuzzy Hash: c17fbbe59f9f76d956dc0f142d487bcd18e602c188bf76568d1ddbeff87c50db
                                                                                                                                                                                    • Instruction Fuzzy Hash: F4118C719083098FEB049F69D4457AEFBF4FF88314F10881EE899A7351C7755585CB86
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • _strlen.LIBCMT ref: 00D88188
                                                                                                                                                                                    • _strlen.LIBCMT ref: 00D88276
                                                                                                                                                                                    • _strlen.LIBCMT ref: 00D882B3
                                                                                                                                                                                    • _strlen.LIBCMT ref: 00D884E1
                                                                                                                                                                                    • _strlen.LIBCMT ref: 00D8860C
                                                                                                                                                                                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00D886F1
                                                                                                                                                                                    • GetCurrentProcess.KERNEL32 ref: 00D88759
                                                                                                                                                                                    • _strlen.LIBCMT ref: 00D883B7
                                                                                                                                                                                      • Part of subcall function 00D63696: _strlen.LIBCMT ref: 00D636AD
                                                                                                                                                                                      • Part of subcall function 00DA0AA2: _strlen.LIBCMT ref: 00DA0AAD
                                                                                                                                                                                    • _strlen.LIBCMT ref: 00D887E1
                                                                                                                                                                                    • _strlen.LIBCMT ref: 00D8886C
                                                                                                                                                                                    • _strlen.LIBCMT ref: 00D88903
                                                                                                                                                                                    • _strlen.LIBCMT ref: 00D88940
                                                                                                                                                                                    • __Init_thread_header.LIBCMT ref: 00D88A1B
                                                                                                                                                                                    • __Init_thread_footer.LIBCMT ref: 00D88A49
                                                                                                                                                                                    • __Init_thread_header.LIBCMT ref: 00D88A5B
                                                                                                                                                                                    • __Init_thread_footer.LIBCMT ref: 00D88A89
                                                                                                                                                                                    • __Init_thread_header.LIBCMT ref: 00D88A9B
                                                                                                                                                                                    • __Init_thread_footer.LIBCMT ref: 00D88AC9
                                                                                                                                                                                    • __Init_thread_header.LIBCMT ref: 00D88ADB
                                                                                                                                                                                    • __Init_thread_footer.LIBCMT ref: 00D88B09
                                                                                                                                                                                    • __Init_thread_header.LIBCMT ref: 00D88B1B
                                                                                                                                                                                    • __Init_thread_footer.LIBCMT ref: 00D88B49
                                                                                                                                                                                    • __Init_thread_header.LIBCMT ref: 00D88B5B
                                                                                                                                                                                    • __Init_thread_footer.LIBCMT ref: 00D88B89
                                                                                                                                                                                    • __Init_thread_header.LIBCMT ref: 00D88B9B
                                                                                                                                                                                      • Part of subcall function 00E994E7: EnterCriticalSection.KERNEL32(00F14FC0,?,?,?,00DFEFCF,00F15134,?,?,?,?,00DFEBD1,00000000,00000000), ref: 00E994F2
                                                                                                                                                                                      • Part of subcall function 00E994E7: LeaveCriticalSection.KERNEL32(00F14FC0,?,?,?,00DFEFCF,00F15134,?,?,?,?,00DFEBD1,00000000,00000000), ref: 00E9952F
                                                                                                                                                                                    • __Init_thread_footer.LIBCMT ref: 00D88BC9
                                                                                                                                                                                    • __Init_thread_header.LIBCMT ref: 00D88BDB
                                                                                                                                                                                    • __Init_thread_footer.LIBCMT ref: 00D88C09
                                                                                                                                                                                    • __Init_thread_header.LIBCMT ref: 00D88C1B
                                                                                                                                                                                    • __Init_thread_footer.LIBCMT ref: 00D88C49
                                                                                                                                                                                    • __Init_thread_header.LIBCMT ref: 00D88C5B
                                                                                                                                                                                    • __Init_thread_footer.LIBCMT ref: 00D88C8C
                                                                                                                                                                                    • __Init_thread_header.LIBCMT ref: 00D88C9E
                                                                                                                                                                                    • __Init_thread_footer.LIBCMT ref: 00D88CCF
                                                                                                                                                                                    • __Init_thread_header.LIBCMT ref: 00D88CE1
                                                                                                                                                                                    • __Init_thread_footer.LIBCMT ref: 00D88D0F
                                                                                                                                                                                    • __Init_thread_header.LIBCMT ref: 00D88D21
                                                                                                                                                                                    • __Init_thread_footer.LIBCMT ref: 00D88D4F
                                                                                                                                                                                    • __Init_thread_header.LIBCMT ref: 00D88D61
                                                                                                                                                                                    • __Init_thread_footer.LIBCMT ref: 00D88D8F
                                                                                                                                                                                      • Part of subcall function 00E9955D: EnterCriticalSection.KERNEL32(00F14FC0,?,?,00DBB5A5,00F14C0C), ref: 00E99567
                                                                                                                                                                                      • Part of subcall function 00E9955D: LeaveCriticalSection.KERNEL32(00F14FC0,?,?,00DBB5A5,00F14C0C), ref: 00E9959A
                                                                                                                                                                                      • Part of subcall function 00E9955D: WakeAllConditionVariable.KERNEL32(?,00DBB5A5,00F14C0C), ref: 00E9960D
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000000C.00000002.2085338172.0000000000D61000.00000020.00000001.01000000.00000014.sdmp, Offset: 00D60000, based on PE: true
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085300221.0000000000D60000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085440415.0000000000EC7000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085440415.0000000000EF5000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085512444.0000000000F10000.00000008.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085542007.0000000000F11000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085566978.0000000000F1B000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_d60000_assistant_installer.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: Init_thread_footerInit_thread_header$_strlen$CriticalSection$EnterLeave$ConditionCurrentProcessUnothrow_t@std@@@VariableWake__ehfuncinfo$??2@
                                                                                                                                                                                    • String ID: BuildID$Email$InstallTime$OPERA_CRASH_EMAIL$OPERA_CRASH_KEEP_LOGS$OPERA_CRASH_ORIGIN$OPERA_CRASH_REPORTER_OPAUTO_TEST$OPERA_CRASH_SERVER_URL$OpAuto$Origin$ReleaseChannel$UBN$_crashreporter.exe$browser$channel$is_wow64$opauto_test$prod$ptype$symbols-package$user-data-dir$ver$s
                                                                                                                                                                                    • API String ID: 1984183743-1349995209
                                                                                                                                                                                    • Opcode ID: 40db6e02a51f5200e4bf27ef2ccacdc46e4e7fa8f6fac595ebcf8ef734bb38f9
                                                                                                                                                                                    • Instruction ID: 4ff9b7200fd9a4551376b99d2d611202a6ded14bcec284437c38f70c926156dd
                                                                                                                                                                                    • Opcode Fuzzy Hash: 40db6e02a51f5200e4bf27ef2ccacdc46e4e7fa8f6fac595ebcf8ef734bb38f9
                                                                                                                                                                                    • Instruction Fuzzy Hash: 7972F6B19043409FDB11BB24DC42A6E7BE1EF95700F45442DF895A7252EB32EA05EBB3
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    Control-flow Graph
                                                                                                                                                                                    APIs
                                                                                                                                                                                    • CreateFileW.KERNELBASE ref: 00E1C8EF
                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 00E1C8F6
                                                                                                                                                                                    • WaitNamedPipeW.KERNEL32(?,000000FF), ref: 00E1C914
                                                                                                                                                                                    • SetNamedPipeHandleState.KERNELBASE(00000000,?,00000000,00000000), ref: 00E1C972
                                                                                                                                                                                    • TransactNamedPipe.KERNELBASE(00000000,00000000,00000024,00DDC428,0000000C,?,00000000), ref: 00E1C995
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000000C.00000002.2085338172.0000000000D61000.00000020.00000001.01000000.00000014.sdmp, Offset: 00D60000, based on PE: true
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085300221.0000000000D60000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085440415.0000000000EC7000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085440415.0000000000EF5000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085512444.0000000000F10000.00000008.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085542007.0000000000F11000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085566978.0000000000F1B000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_d60000_assistant_installer.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: NamedPipe$CreateErrorFileHandleLastStateTransactWait
                                                                                                                                                                                    • String ID: , observed $../../third_party/crashpad/crashpad/util/win/registration_protocol_win.cc$CreateFile$SetNamedPipeHandleState$TransactNamedPipe$TransactNamedPipe: expected $WaitNamedPipe
                                                                                                                                                                                    • API String ID: 3582518244-3702053020
                                                                                                                                                                                    • Opcode ID: ca7f6df4a95b4e453a45b9956346cfbb27c4ff6b38c1d13b8895f20387f6b070
                                                                                                                                                                                    • Instruction ID: 64b8e7f6285bb564497bf491b6a3810c77e345aff49a0799ba0b0ccacc852219
                                                                                                                                                                                    • Opcode Fuzzy Hash: ca7f6df4a95b4e453a45b9956346cfbb27c4ff6b38c1d13b8895f20387f6b070
                                                                                                                                                                                    • Instruction Fuzzy Hash: 7E51FA70B803186AEA20EB609C47FEE7769EF45714F041156F905BB2C3E7B15A45C672
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    Control-flow Graph
                                                                                                                                                                                    APIs
                                                                                                                                                                                    • _strlen.LIBCMT ref: 00D7FD06
                                                                                                                                                                                    • _strlen.LIBCMT ref: 00D7FD2E
                                                                                                                                                                                    • _strlen.LIBCMT ref: 00D7FE4D
                                                                                                                                                                                      • Part of subcall function 00D7F8E0: GetUserNameW.ADVAPI32(?,?), ref: 00D7F91D
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000000C.00000002.2085338172.0000000000D61000.00000020.00000001.01000000.00000014.sdmp, Offset: 00D60000, based on PE: true
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085300221.0000000000D60000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085440415.0000000000EC7000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085440415.0000000000EF5000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085512444.0000000000F10000.00000008.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085542007.0000000000F11000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085566978.0000000000F1B000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_d60000_assistant_installer.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: _strlen$NameUser
                                                                                                                                                                                    • String ID: <USERNAME>$data$profile${CompanyName}${CompanyName}/{ProductName} {InternalStream}${InternalStream}${ProductName}
                                                                                                                                                                                    • API String ID: 1881245836-2942531514
                                                                                                                                                                                    • Opcode ID: 7397b6d22f56dc50bcd342a4734feabecae2dda9e7ca68a02588ff7642b74766
                                                                                                                                                                                    • Instruction ID: 72150dbe1528b7a433bd19476682244d77e7c6d144f102f1a1be6d82b8018295
                                                                                                                                                                                    • Opcode Fuzzy Hash: 7397b6d22f56dc50bcd342a4734feabecae2dda9e7ca68a02588ff7642b74766
                                                                                                                                                                                    • Instruction Fuzzy Hash: 7CD1A271508350ABCB21DF14C881A6FFBE5AFD6754F08882DF8C967252E671E909C7B2
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    Control-flow Graph
                                                                                                                                                                                    APIs
                                                                                                                                                                                    • _strlen.LIBCMT ref: 00DABF8E
                                                                                                                                                                                    • _strlen.LIBCMT ref: 00DAC007
                                                                                                                                                                                    • GetLocalTime.KERNEL32(0000005B,?,?,?,?,?,?,?,00000198,?,?,00DABF52,00000198,?,?), ref: 00DAC0A1
                                                                                                                                                                                    • GetTickCount.KERNEL32 ref: 00DAC194
                                                                                                                                                                                    • _strlen.LIBCMT ref: 00DAC1D0
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000000C.00000002.2085338172.0000000000D61000.00000020.00000001.01000000.00000014.sdmp, Offset: 00D60000, based on PE: true
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085300221.0000000000D60000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085440415.0000000000EC7000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085440415.0000000000EF5000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085512444.0000000000F10000.00000008.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085542007.0000000000F11000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085566978.0000000000F1B000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_d60000_assistant_installer.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: _strlen$CountLocalTickTime
                                                                                                                                                                                    • String ID: )] $:$:$UNKNOWN$VERBOSE
                                                                                                                                                                                    • API String ID: 3535325690-776901039
                                                                                                                                                                                    • Opcode ID: 1a6b8b829431f4ab9c83e7d53d22a2a135395ca61b8e2c2449c2e3cb19a0bc15
                                                                                                                                                                                    • Instruction ID: f8967b73245959d3e27f9e0573fd3afddbc61537ad13df300779ec4170a69295
                                                                                                                                                                                    • Opcode Fuzzy Hash: 1a6b8b829431f4ab9c83e7d53d22a2a135395ca61b8e2c2449c2e3cb19a0bc15
                                                                                                                                                                                    • Instruction Fuzzy Hash: 8891C3B4A04340AFD710FB209C86F2BBBE9EB85714F08491DF89557382E775E9058B72
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • __Init_thread_header.LIBCMT ref: 00E1CC51
                                                                                                                                                                                    • ConvertStringSecurityDescriptorToSecurityDescriptorW.ADVAPI32(D:(A;;GA;;;SY)(A;;GWGR;;;S-1-15-2-1)S:(ML;;;;;S-1-16-0),00000001,?,00000000), ref: 00E1CC80
                                                                                                                                                                                    • BuildExplicitAccessWithNameW.ADVAPI32(?,?,10000000,00000001,00000000), ref: 00E1CCD1
                                                                                                                                                                                    • BuildSecurityDescriptorW.ADVAPI32(00000000,00000000,00000001,?,00000000,00000000,?,?,?), ref: 00E1CCF5
                                                                                                                                                                                    • SetLastError.KERNEL32(00000000), ref: 00E1CD04
                                                                                                                                                                                    • __Init_thread_footer.LIBCMT ref: 00E1CDC5
                                                                                                                                                                                    Strings
                                                                                                                                                                                    • ../../third_party/crashpad/crashpad/util/win/registration_protocol_win.cc, xrefs: 00E1CD2E, 00E1CD73
                                                                                                                                                                                    • ConvertStringSecurityDescriptorToSecurityDescriptor, xrefs: 00E1CD83
                                                                                                                                                                                    • BuildSecurityDescriptor, xrefs: 00E1CD3E
                                                                                                                                                                                    • D:(A;;GA;;;SY)(A;;GWGR;;;S-1-15-2-1)S:(ML;;;;;S-1-16-0), xrefs: 00E1CC7B
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000000C.00000002.2085338172.0000000000D61000.00000020.00000001.01000000.00000014.sdmp, Offset: 00D60000, based on PE: true
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085300221.0000000000D60000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085440415.0000000000EC7000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085440415.0000000000EF5000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085512444.0000000000F10000.00000008.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085542007.0000000000F11000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085566978.0000000000F1B000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_d60000_assistant_installer.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: DescriptorSecurity$Build$AccessConvertErrorExplicitInit_thread_footerInit_thread_headerLastNameStringWith
                                                                                                                                                                                    • String ID: ../../third_party/crashpad/crashpad/util/win/registration_protocol_win.cc$BuildSecurityDescriptor$ConvertStringSecurityDescriptorToSecurityDescriptor$D:(A;;GA;;;SY)(A;;GWGR;;;S-1-15-2-1)S:(ML;;;;;S-1-16-0)
                                                                                                                                                                                    • API String ID: 1468532445-440191626
                                                                                                                                                                                    • Opcode ID: 70da5e02ae10e9d33a0f18afbd80aa21336ae460f402000d2178fb31e7e8059f
                                                                                                                                                                                    • Instruction ID: 665e5ed6d6427e956e7bf68ad64e3baee5c1a65b6c77a1aea381b0230b5a1a50
                                                                                                                                                                                    • Opcode Fuzzy Hash: 70da5e02ae10e9d33a0f18afbd80aa21336ae460f402000d2178fb31e7e8059f
                                                                                                                                                                                    • Instruction Fuzzy Hash: A0515971640384EBEB20DF24DC06FEBB7A8FFD5710F115129F885A7292EB309981C662
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                    APIs
                                                                                                                                                                                      • Part of subcall function 00EAC9B7: CreateFileW.KERNELBASE(00000000,00000000,?,00EAC675,?,?,00000000,?,00EAC675,00000000,0000000C), ref: 00EAC9D4
                                                                                                                                                                                    • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00EAC6E0
                                                                                                                                                                                    • __dosmaperr.LIBCMT ref: 00EAC6E7
                                                                                                                                                                                    • GetFileType.KERNEL32(00000000), ref: 00EAC6F3
                                                                                                                                                                                    • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00EAC6FD
                                                                                                                                                                                    • __dosmaperr.LIBCMT ref: 00EAC706
                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 00EAC726
                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 00EAC873
                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 00EAC8A5
                                                                                                                                                                                    • __dosmaperr.LIBCMT ref: 00EAC8AC
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000000C.00000002.2085338172.0000000000D61000.00000020.00000001.01000000.00000014.sdmp, Offset: 00D60000, based on PE: true
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085300221.0000000000D60000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085440415.0000000000EC7000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085440415.0000000000EF5000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085512444.0000000000F10000.00000008.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085542007.0000000000F11000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085566978.0000000000F1B000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_d60000_assistant_installer.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: ErrorLast__dosmaperr$CloseFileHandle$CreateType
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID: 4237864984-0
                                                                                                                                                                                    • Opcode ID: c449a769b73cb2634279331dec1d3642d088b4278c17268ba526b502def72a68
                                                                                                                                                                                    • Instruction ID: a08217026d13630b8748a7320f4f22b48e240d83c5e3aea863567fe6b67d850c
                                                                                                                                                                                    • Opcode Fuzzy Hash: c449a769b73cb2634279331dec1d3642d088b4278c17268ba526b502def72a68
                                                                                                                                                                                    • Instruction Fuzzy Hash: C0A12532A142489FCF19DF68C8516AE3BE1AB4B324F285159F811FF291CB34AC02DB91
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                    APIs
                                                                                                                                                                                      • Part of subcall function 00DA4730: _strlen.LIBCMT ref: 00DA4751
                                                                                                                                                                                    • _strlen.LIBCMT ref: 00DABA6D
                                                                                                                                                                                    • _strlen.LIBCMT ref: 00DABA93
                                                                                                                                                                                    • CloseHandle.KERNEL32(00000378,j), ref: 00DABAEE
                                                                                                                                                                                    • DeleteFileW.KERNEL32(0533D048,?,j), ref: 00DABB7A
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000000C.00000002.2085338172.0000000000D61000.00000020.00000001.01000000.00000014.sdmp, Offset: 00D60000, based on PE: true
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085300221.0000000000D60000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085440415.0000000000EC7000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085440415.0000000000EF5000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085512444.0000000000F10000.00000008.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085542007.0000000000F11000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085566978.0000000000F1B000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_d60000_assistant_installer.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: _strlen$CloseDeleteFileHandle
                                                                                                                                                                                    • String ID: vmodule$j$j
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                    APIs
                                                                                                                                                                                      • Part of subcall function 00DA3F70: GetCommandLineW.KERNEL32(?,00000000), ref: 00DA3FE7
                                                                                                                                                                                    • _strlen.LIBCMT ref: 00D61055
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000000C.00000002.2085338172.0000000000D61000.00000020.00000001.01000000.00000014.sdmp, Offset: 00D60000, based on PE: true
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: CommandLine_strlen
                                                                                                                                                                                    • String ID: ../../opera/desktop/windows/assistant/installer/assistant_installer_main.cc$Running assistant installer with command line $WinMain$assistant_installer_%02d%02d%02d%02d%02d%02d.log$asstgx_ins
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • SystemFunction036.ADVAPI32(FFFFFFFF,FFFFFFFF,?,00DB1BE8,?,00000008,000000FF), ref: 00DC9A0E
                                                                                                                                                                                    • GetSystemTimeAsFileTime.KERNEL32(?), ref: 00DC9A76
                                                                                                                                                                                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00DC9A88
                                                                                                                                                                                    • GetSystemTimeAsFileTime.KERNEL32(?), ref: 00DC9B1E
                                                                                                                                                                                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00DC9B2C
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000000C.00000002.2085338172.0000000000D61000.00000020.00000001.01000000.00000014.sdmp, Offset: 00D60000, based on PE: true
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: Time$System$FileUnothrow_t@std@@@__ehfuncinfo$??2@$Function036
                                                                                                                                                                                    • String ID: Mo/
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • GetModuleFileNameW.KERNEL32(00000000,?,00000104), ref: 00DABC0E
                                                                                                                                                                                    • CreateFileW.KERNELBASE ref: 00DABD05
                                                                                                                                                                                    • GetCurrentDirectoryW.KERNEL32(00000104,00000000,?,?,?,?,?,?,?,debug.log,0000005C,?), ref: 00DABD4A
                                                                                                                                                                                    • CreateFileW.KERNEL32 ref: 00DABDD7
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000000C.00000002.2085338172.0000000000D61000.00000020.00000001.01000000.00000014.sdmp, Offset: 00D60000, based on PE: true
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: File$Create$CurrentDirectoryModuleName
                                                                                                                                                                                    • String ID: debug.log
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    Control-flow Graph

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • GetCurrentProcessId.KERNEL32(00000007,?,?,?,?,?,?,?,?,?,?,?,?,?,00DE01BF,?), ref: 00DE0035
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000000C.00000002.2085338172.0000000000D61000.00000020.00000001.01000000.00000014.sdmp, Offset: 00D60000, based on PE: true
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: CurrentProcess
                                                                                                                                                                                    • String ID: 8096$asstgx_ins$browser$x86_64
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000000C.00000002.2085338172.0000000000D61000.00000020.00000001.01000000.00000014.sdmp, Offset: 00D60000, based on PE: true
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085300221.0000000000D60000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085440415.0000000000EC7000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085440415.0000000000EF5000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085512444.0000000000F10000.00000008.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085542007.0000000000F11000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085566978.0000000000F1B000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_d60000_assistant_installer.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID:
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                    • Opcode ID: 6d49c6e37dc6b587f9fbb1ab257134449feacebbe6172944355b8a8b5a2378e4
                                                                                                                                                                                    • Instruction ID: 2093e470a2ccb3885ffbf20fba1581587f62a57cf8d240fe2c331d571363ebb2
                                                                                                                                                                                    • Opcode Fuzzy Hash: 6d49c6e37dc6b587f9fbb1ab257134449feacebbe6172944355b8a8b5a2378e4
                                                                                                                                                                                    • Instruction Fuzzy Hash: 2DC1C5B1A143409FDB10DF24C881A6AB7F1BFC9724F049A1DF49967392D771EA06CB62
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • GetFileAttributesW.KERNELBASE(00000004), ref: 00E25446
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000000C.00000002.2085338172.0000000000D61000.00000020.00000001.01000000.00000014.sdmp, Offset: 00D60000, based on PE: true
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085300221.0000000000D60000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085440415.0000000000EC7000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085440415.0000000000EF5000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085512444.0000000000F10000.00000008.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085542007.0000000000F11000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085566978.0000000000F1B000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_d60000_assistant_installer.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: AttributesFile
                                                                                                                                                                                    • String ID: ../../third_party/crashpad/crashpad/client/crash_report_database_win.cc$: not a directory$GetFileAttributes
                                                                                                                                                                                    • API String ID: 3188754299-3496458271
                                                                                                                                                                                    • Opcode ID: f59bf5e9683804d4297637b39950b3a8a648c9bcd286d5c9aa0dd0249216b2ac
                                                                                                                                                                                    • Instruction ID: 3a2b8c16d9a0d97fbd89c6efa3139f776e0169cd7abf80b9c02b26762c2a1d58
                                                                                                                                                                                    • Opcode Fuzzy Hash: f59bf5e9683804d4297637b39950b3a8a648c9bcd286d5c9aa0dd0249216b2ac
                                                                                                                                                                                    • Instruction Fuzzy Hash: B1412B71A40338ABEF20AB50DC42FAAB769DF11314F0450A5F959B7183E731AE498B32
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • __Init_thread_header.LIBCMT ref: 00D87411
                                                                                                                                                                                    • __Init_thread_footer.LIBCMT ref: 00D8749B
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000000C.00000002.2085338172.0000000000D61000.00000020.00000001.01000000.00000014.sdmp, Offset: 00D60000, based on PE: true
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085300221.0000000000D60000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085440415.0000000000EC7000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085440415.0000000000EF5000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085512444.0000000000F10000.00000008.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085542007.0000000000F11000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085566978.0000000000F1B000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_d60000_assistant_installer.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: Init_thread_footerInit_thread_header
                                                                                                                                                                                    • String ID: Crash Reports$OPERA_CRASH_LOG_DIR
                                                                                                                                                                                    • API String ID: 4092853384-687564514
                                                                                                                                                                                    • Opcode ID: 1a39f627638829594a0a12711a8a65e17d45b241f5f945d9858ee73efb837e86
                                                                                                                                                                                    • Instruction ID: ff34ffc34d4bfb0ee435c2cb67e1e94f62d5d4ff15ab3bec1c0a096acfc95bc7
                                                                                                                                                                                    • Opcode Fuzzy Hash: 1a39f627638829594a0a12711a8a65e17d45b241f5f945d9858ee73efb837e86
                                                                                                                                                                                    • Instruction Fuzzy Hash: 78310B71A082549BDB01BF689C81AFE77A5EF81310B14403DEC1567283DA34D905A772
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • CreateDirectoryW.KERNELBASE(?,00000000), ref: 00E2532C
                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 00E2533C
                                                                                                                                                                                    Strings
                                                                                                                                                                                    • ../../third_party/crashpad/crashpad/client/crash_report_database_win.cc, xrefs: 00E25389
                                                                                                                                                                                    • CreateDirectory , xrefs: 00E2539B
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000000C.00000002.2085338172.0000000000D61000.00000020.00000001.01000000.00000014.sdmp, Offset: 00D60000, based on PE: true
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085300221.0000000000D60000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085440415.0000000000EC7000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085440415.0000000000EF5000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085512444.0000000000F10000.00000008.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085542007.0000000000F11000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085566978.0000000000F1B000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_d60000_assistant_installer.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: CreateDirectoryErrorLast
                                                                                                                                                                                    • String ID: ../../third_party/crashpad/crashpad/client/crash_report_database_win.cc$CreateDirectory
                                                                                                                                                                                    • API String ID: 1375471231-4140125794
                                                                                                                                                                                    • Opcode ID: 258e1a0befcdc36ec04b01b1c4a615bb478dbcc7d18369fbc0e3b37d53192629
                                                                                                                                                                                    • Instruction ID: 5626a9853b269c31f9bcf053bd47966b2fd7c11e84f5b87f6d86085da077e0ec
                                                                                                                                                                                    • Opcode Fuzzy Hash: 258e1a0befcdc36ec04b01b1c4a615bb478dbcc7d18369fbc0e3b37d53192629
                                                                                                                                                                                    • Instruction Fuzzy Hash: AD210B31A003389BEB10A754EC46FBEB368DF45314F045069F95AF7282E7715E498771
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000000C.00000002.2085338172.0000000000D61000.00000020.00000001.01000000.00000014.sdmp, Offset: 00D60000, based on PE: true
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085300221.0000000000D60000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085440415.0000000000EC7000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085440415.0000000000EF5000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085512444.0000000000F10000.00000008.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085542007.0000000000F11000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085566978.0000000000F1B000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_d60000_assistant_installer.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: _strlen
                                                                                                                                                                                    • String ID: Internet Browser
                                                                                                                                                                                    • API String ID: 4218353326-2063419344
                                                                                                                                                                                    • Opcode ID: d7f78c43cd40a96981e4248305d0897b419c1e9a949ef0d2b7e61d0a52cbbdcc
                                                                                                                                                                                    • Instruction ID: 0cb07673eceaa10d4725e67e4dca3d0c8a788afd591ab6e6421a3332595e4d34
                                                                                                                                                                                    • Opcode Fuzzy Hash: d7f78c43cd40a96981e4248305d0897b419c1e9a949ef0d2b7e61d0a52cbbdcc
                                                                                                                                                                                    • Instruction Fuzzy Hash: 50A1AEB0904748AFEF11DFA4D845BAEBBF1AF06304F04406DE44A77252D776A949CBB2
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • _strlen.LIBCMT ref: 00D8727D
                                                                                                                                                                                      • Part of subcall function 00DC24E0: GetFileAttributesW.KERNELBASE(?,?,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00DC2551
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000000C.00000002.2085338172.0000000000D61000.00000020.00000001.01000000.00000014.sdmp, Offset: 00D60000, based on PE: true
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_d60000_assistant_installer.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: AttributesFile_strlen
                                                                                                                                                                                    • String ID: Crash Reports$OPERA_CRASH_LOG_DIR
                                                                                                                                                                                    • API String ID: 2348415028-687564514
                                                                                                                                                                                    • Opcode ID: 2e3ddac30be10b394ffa78efdd0390ad655f79b7cf1316e032c02f5c1369b203
                                                                                                                                                                                    • Instruction ID: c8125a29d45c993e7e0734ad426b1d3fd36b6b6119000be6aff9a06cf4285a2f
                                                                                                                                                                                    • Opcode Fuzzy Hash: 2e3ddac30be10b394ffa78efdd0390ad655f79b7cf1316e032c02f5c1369b203
                                                                                                                                                                                    • Instruction Fuzzy Hash: 3831D3B1B042055BDF05FBA59C816FFB7A5DF95310F184029E819B7242EB31E90697B2
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000000C.00000002.2085338172.0000000000D61000.00000020.00000001.01000000.00000014.sdmp, Offset: 00D60000, based on PE: true
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_d60000_assistant_installer.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: _strlen
                                                                                                                                                                                    • String ID: ../../base/files/file_util_win.cc$OpenFile
                                                                                                                                                                                    • API String ID: 4218353326-4080947147
                                                                                                                                                                                    • Opcode ID: 1106f07ea60f73779ab225e0659ea43d57ef37979ea44158400aba672af4b509
                                                                                                                                                                                    • Instruction ID: e80f9e63bb08b78105ca8733b7f2163bbbe2e71ac08b56fae838d08c8a917f1c
                                                                                                                                                                                    • Opcode Fuzzy Hash: 1106f07ea60f73779ab225e0659ea43d57ef37979ea44158400aba672af4b509
                                                                                                                                                                                    • Instruction Fuzzy Hash: 1B31F6719043816BD620AB248C06B6FBBA4EFC6B30F14871DF9F8672C1D771A64587A7
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • SetFilePointerEx.KERNELBASE ref: 00E5AAF5
                                                                                                                                                                                    Strings
                                                                                                                                                                                    • ../../third_party/crashpad/crashpad/util/file/file_io_win.cc, xrefs: 00E5AB32
                                                                                                                                                                                    • SetFilePointerEx, xrefs: 00E5AB42
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000000C.00000002.2085338172.0000000000D61000.00000020.00000001.01000000.00000014.sdmp, Offset: 00D60000, based on PE: true
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_d60000_assistant_installer.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: FilePointer
                                                                                                                                                                                    • String ID: ../../third_party/crashpad/crashpad/util/file/file_io_win.cc$SetFilePointerEx
                                                                                                                                                                                    • API String ID: 973152223-2639227240
                                                                                                                                                                                    • Opcode ID: 627c815fa3424f66f98804ad2c09f2a304fb33000fc4803f577d4d30ea940670
                                                                                                                                                                                    • Instruction ID: bad283e9dec66c62c172b8c64b6eefd9a4ad6ca64c2ae17e7db5eb4348e8d13c
                                                                                                                                                                                    • Opcode Fuzzy Hash: 627c815fa3424f66f98804ad2c09f2a304fb33000fc4803f577d4d30ea940670
                                                                                                                                                                                    • Instruction Fuzzy Hash: AC21B672A043549BD720EF258802B9FB7EAEFC9720F05891EEC5967281D7709905C7E3
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                      • Part of subcall function 00E5AA84: SetFilePointerEx.KERNELBASE ref: 00E5AAF5
                                                                                                                                                                                    • SetEndOfFile.KERNELBASE(00E287EB), ref: 00E5ABA0
                                                                                                                                                                                    Strings
                                                                                                                                                                                    • ../../third_party/crashpad/crashpad/util/file/file_io_win.cc, xrefs: 00E5ABCF
                                                                                                                                                                                    • SetEndOfFile, xrefs: 00E5ABE1
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000000C.00000002.2085338172.0000000000D61000.00000020.00000001.01000000.00000014.sdmp, Offset: 00D60000, based on PE: true
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_d60000_assistant_installer.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: File$Pointer
                                                                                                                                                                                    • String ID: ../../third_party/crashpad/crashpad/util/file/file_io_win.cc$SetEndOfFile
                                                                                                                                                                                    • API String ID: 1339342385-591553600
                                                                                                                                                                                    • Opcode ID: 0231ad484fca78a0652f22b553e2aab3e48c32c9d69133357401cca99121cf88
                                                                                                                                                                                    • Instruction ID: d7722c4409710b4189bc5638ac7c4099f49a6965c430848ac8b114873604b58d
                                                                                                                                                                                    • Opcode Fuzzy Hash: 0231ad484fca78a0652f22b553e2aab3e48c32c9d69133357401cca99121cf88
                                                                                                                                                                                    • Instruction Fuzzy Hash: AE01D461F403182BEB10BAA55C43FBF775DDB05369F085074FE1867282EA755E4886B3
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • GetFileAttributesW.KERNELBASE(?,?,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00DC2551
                                                                                                                                                                                    Strings
                                                                                                                                                                                    • DirectoryExists, xrefs: 00DC252C
                                                                                                                                                                                    • ../../base/files/file_util_win.cc, xrefs: 00DC2527
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000000C.00000002.2085338172.0000000000D61000.00000020.00000001.01000000.00000014.sdmp, Offset: 00D60000, based on PE: true
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_d60000_assistant_installer.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: AttributesFile
                                                                                                                                                                                    • String ID: ../../base/files/file_util_win.cc$DirectoryExists
                                                                                                                                                                                    • API String ID: 3188754299-2653227169
                                                                                                                                                                                    • Opcode ID: 81334a9a2a04fc5981861368aeddc45dafe803e79d1df4e4d9603d3335d2555f
                                                                                                                                                                                    • Instruction ID: 33bd5a4613cec6132d951ba50432f90677a03e12f080ed040daf4510acb45b41
                                                                                                                                                                                    • Opcode Fuzzy Hash: 81334a9a2a04fc5981861368aeddc45dafe803e79d1df4e4d9603d3335d2555f
                                                                                                                                                                                    • Instruction Fuzzy Hash: DD010C72A103856BD3105B288C8656EB764EFCA770F10071DF5B5632C2EBB195458292
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • GetFileAttributesW.KERNELBASE(FFFFFFFF,?,00000000), ref: 00DC2391
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000000C.00000002.2085338172.0000000000D61000.00000020.00000001.01000000.00000014.sdmp, Offset: 00D60000, based on PE: true
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_d60000_assistant_installer.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: AttributesFile
                                                                                                                                                                                    • String ID: ../../base/files/file_util_win.cc$PathExists
                                                                                                                                                                                    • API String ID: 3188754299-1196770437
                                                                                                                                                                                    • Opcode ID: ab040b2025aaad65d5395b1f94a55f0c44e0ff625f0b0eb8f3a3580fa626dc9b
                                                                                                                                                                                    • Instruction ID: 34104cbc9577dd0da7a11dee39d916e6b457acff029b01e2a7bb7c0b653df136
                                                                                                                                                                                    • Opcode Fuzzy Hash: ab040b2025aaad65d5395b1f94a55f0c44e0ff625f0b0eb8f3a3580fa626dc9b
                                                                                                                                                                                    • Instruction Fuzzy Hash: 020126716103816BD3109B288C8696EB768EFCA730F100B1EF5E5632C1EB71A54182D2
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • FindCloseChangeNotification.KERNELBASE(00E1CAFE), ref: 00E5AC29
                                                                                                                                                                                    Strings
                                                                                                                                                                                    • ../../third_party/crashpad/crashpad/util/file/file_io_win.cc, xrefs: 00E5AC58
                                                                                                                                                                                    • CloseHandle, xrefs: 00E5AC6A
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000000C.00000002.2085338172.0000000000D61000.00000020.00000001.01000000.00000014.sdmp, Offset: 00D60000, based on PE: true
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085300221.0000000000D60000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085440415.0000000000EC7000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085440415.0000000000EF5000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085512444.0000000000F10000.00000008.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085542007.0000000000F11000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085566978.0000000000F1B000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_d60000_assistant_installer.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: ChangeCloseFindNotification
                                                                                                                                                                                    • String ID: ../../third_party/crashpad/crashpad/util/file/file_io_win.cc$CloseHandle
                                                                                                                                                                                    • API String ID: 2591292051-1576210609
                                                                                                                                                                                    • Opcode ID: 9cda448e8914a96871df0055439b1de53f09e438494c1cdae6074da532b0d656
                                                                                                                                                                                    • Instruction ID: f27fa046f6b8968202de08ce29628793f9a799968a38c3596df4b9fdd51743d9
                                                                                                                                                                                    • Opcode Fuzzy Hash: 9cda448e8914a96871df0055439b1de53f09e438494c1cdae6074da532b0d656
                                                                                                                                                                                    • Instruction Fuzzy Hash: 7301A271A403286BEB20AA649C47FBF7219DB85720F440529BD056B3C2EB715D1985B2
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • FileTimeToSystemTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00D610CE,00000001,?,00000000), ref: 00DCA239
                                                                                                                                                                                    • SystemTimeToTzSpecificLocalTime.KERNELBASE(00000000,?,?,?,?,?,?,?,?,?,?,?,?,00D610CE,00000001,?), ref: 00DCA24B
                                                                                                                                                                                    • FileTimeToSystemTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00D610CE,00000001,?,00000000), ref: 00DCA282
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000000C.00000002.2085338172.0000000000D61000.00000020.00000001.01000000.00000014.sdmp, Offset: 00D60000, based on PE: true
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085300221.0000000000D60000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085440415.0000000000EC7000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085440415.0000000000EF5000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085512444.0000000000F10000.00000008.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085542007.0000000000F11000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085566978.0000000000F1B000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_d60000_assistant_installer.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: Time$System$File$LocalSpecific
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID: 979780441-0
                                                                                                                                                                                    • Opcode ID: 082489322a9e4b08bba0257a990dbb6dfe1f639353a1a0f7da331b1cdbc71a7a
                                                                                                                                                                                    • Instruction ID: ea34d21fdf9fd0e9c392253081d8159e58079940846bac7c258514027283fa99
                                                                                                                                                                                    • Opcode Fuzzy Hash: 082489322a9e4b08bba0257a990dbb6dfe1f639353a1a0f7da331b1cdbc71a7a
                                                                                                                                                                                    • Instruction Fuzzy Hash: 53216F72E1078A8AD710CF38C841A66F7A8FFDA354F144B1EB4C497141EB75D6858792
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • ReadFile.KERNELBASE(00000000,00000000,7FFFFFFF,?,00000000,00000000,00000000), ref: 00E5A553
                                                                                                                                                                                    • ReadFile.KERNEL32(00000000,?,7FFFFFFF,FFFFFFFF,00000000), ref: 00E5A58A
                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 00E5A596
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000000C.00000002.2085338172.0000000000D61000.00000020.00000001.01000000.00000014.sdmp, Offset: 00D60000, based on PE: true
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085300221.0000000000D60000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085440415.0000000000EC7000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085440415.0000000000EF5000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085512444.0000000000F10000.00000008.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085542007.0000000000F11000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085566978.0000000000F1B000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_d60000_assistant_installer.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: FileRead$ErrorLast
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID: 1577890643-0
                                                                                                                                                                                    • Opcode ID: 53ad2fe47075bd258cc25bb9522db71bafb14ad7fcff9a4d43f28e1eb8a048ba
                                                                                                                                                                                    • Instruction ID: 8cdfffed8ec50c0f69b9a2b319dbbb4947916f225a347f59c6fde57b7e628b49
                                                                                                                                                                                    • Opcode Fuzzy Hash: 53ad2fe47075bd258cc25bb9522db71bafb14ad7fcff9a4d43f28e1eb8a048ba
                                                                                                                                                                                    • Instruction Fuzzy Hash: 6D1193717002199FDB14CF64CD84EAE77ACEB49335B640B38EE25A72C0EA30DD088762
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • __Init_thread_header.LIBCMT ref: 00DC8709
                                                                                                                                                                                    • GetNativeSystemInfo.KERNELBASE ref: 00DC8731
                                                                                                                                                                                    • __Init_thread_footer.LIBCMT ref: 00DC875C
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000000C.00000002.2085338172.0000000000D61000.00000020.00000001.01000000.00000014.sdmp, Offset: 00D60000, based on PE: true
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085300221.0000000000D60000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085440415.0000000000EC7000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085440415.0000000000EF5000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085512444.0000000000F10000.00000008.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085542007.0000000000F11000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085566978.0000000000F1B000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_d60000_assistant_installer.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: InfoInit_thread_footerInit_thread_headerNativeSystem
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID: 420575652-0
                                                                                                                                                                                    • Opcode ID: ff18e8da7a5d8d70ccf38253c01a8650860df4a2aecc405b9072e4ea41f5aa4f
                                                                                                                                                                                    • Instruction ID: cdf6d215784a01c21af5384247b2981d02d898b86b5b65d41fbe2c58424aee39
                                                                                                                                                                                    • Opcode Fuzzy Hash: ff18e8da7a5d8d70ccf38253c01a8650860df4a2aecc405b9072e4ea41f5aa4f
                                                                                                                                                                                    • Instruction Fuzzy Hash: 5821D271D04284CBD701DB2CE842FE9B3A4FB88311F06432DFC95572A1EB31A991A7D6
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • __aullrem.LIBCMT ref: 00DB1BAF
                                                                                                                                                                                      • Part of subcall function 00DC9A00: SystemFunction036.ADVAPI32(FFFFFFFF,FFFFFFFF,?,00DB1BE8,?,00000008,000000FF), ref: 00DC9A0E
                                                                                                                                                                                    • __aullrem.LIBCMT ref: 00DB1C04
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000000C.00000002.2085338172.0000000000D61000.00000020.00000001.01000000.00000014.sdmp, Offset: 00D60000, based on PE: true
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085300221.0000000000D60000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085440415.0000000000EC7000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085440415.0000000000EF5000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085512444.0000000000F10000.00000008.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085542007.0000000000F11000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085566978.0000000000F1B000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_d60000_assistant_installer.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: __aullrem$Function036System
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID: 3297659922-0
                                                                                                                                                                                    • Opcode ID: 24a772f473fce45220f35dcee1392fe6d63bace4e93b494a180fe1459b10b296
                                                                                                                                                                                    • Instruction ID: 07370ffefa6a017616500b0cf05fb90c55059307939924b6422d9570b8ef5fd2
                                                                                                                                                                                    • Opcode Fuzzy Hash: 24a772f473fce45220f35dcee1392fe6d63bace4e93b494a180fe1459b10b296
                                                                                                                                                                                    • Instruction Fuzzy Hash: A611D332A042156BC7009F2CCC4594A7BE6EBC5370F15872CF8B95B2D1DA30A9048791
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • __Init_thread_header.LIBCMT ref: 00D65AB8
                                                                                                                                                                                    • __Init_thread_footer.LIBCMT ref: 00D65B10
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000000C.00000002.2085338172.0000000000D61000.00000020.00000001.01000000.00000014.sdmp, Offset: 00D60000, based on PE: true
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085300221.0000000000D60000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085440415.0000000000EC7000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085440415.0000000000EF5000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085512444.0000000000F10000.00000008.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085542007.0000000000F11000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085566978.0000000000F1B000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_d60000_assistant_installer.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: Init_thread_footerInit_thread_header
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID: 4092853384-0
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • GetFileType.KERNELBASE(?,?,?,?,?,00DDBA0A,00000008,?,?,?,?,?,00000000,00F14F64,00000000), ref: 00DDCE88
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000000C.00000002.2085338172.0000000000D61000.00000020.00000001.01000000.00000014.sdmp, Offset: 00D60000, based on PE: true
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: FileType
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID: 3081899298-0
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000000C.00000002.2085338172.0000000000D61000.00000020.00000001.01000000.00000014.sdmp, Offset: 00D60000, based on PE: true
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: __wsopen_s
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID: 3347428461-0
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • CoInitializeEx.OLE32(00000000,00000006,?,-00000001,?,00D6107F,00000000), ref: 00DC8219
                                                                                                                                                                                      • Part of subcall function 00DFE940: CoRegisterInitializeSpy.OLE32(00000000), ref: 00DFE99E
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000000C.00000002.2085338172.0000000000D61000.00000020.00000001.01000000.00000014.sdmp, Offset: 00D60000, based on PE: true
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: Initialize$Register
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID: 2642324518-0
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • CreateFileW.KERNELBASE(?,74DF3390,00000003,00000000,00000000,00000080,00000000,7FFFFFFF), ref: 00E5A5F4
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000000C.00000002.2085338172.0000000000D61000.00000020.00000001.01000000.00000014.sdmp, Offset: 00D60000, based on PE: true
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: CreateFile
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID: 823142352-0
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • CreateFileW.KERNELBASE(00000000,00000000,?,00EAC675,?,?,00000000,?,00EAC675,00000000,0000000C), ref: 00EAC9D4
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000000C.00000002.2085338172.0000000000D61000.00000020.00000001.01000000.00000014.sdmp, Offset: 00D60000, based on PE: true
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: CreateFile
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID: 823142352-0
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • GetHandleVerifier.ASSISTANT_INSTALLER(?,?,00DC631A,?,00000000,?,00F14CF8,?,?,?,?,00DC648D,00000000), ref: 00DC8377
                                                                                                                                                                                      • Part of subcall function 00DFEB90: GetModuleHandleW.KERNEL32(00000000), ref: 00DFEB9E
                                                                                                                                                                                      • Part of subcall function 00DFEB90: GetProcAddress.KERNEL32(00000000,GetHandleVerifier), ref: 00DFEBAA
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000000C.00000002.2085338172.0000000000D61000.00000020.00000001.01000000.00000014.sdmp, Offset: 00D60000, based on PE: true
• Associated: 0000000C.00000002.2085300221.0000000000D60000.00000002.00000001.01000000.00000014.sdmp
• Associated: 0000000C.00000002.2085440415.0000000000EC7000.00000002.00000001.01000000.00000014.sdmp
• Associated: 0000000C.00000002.2085440415.0000000000EF5000.00000002.00000001.01000000.00000014.sdmp
• Associated: 0000000C.00000002.2085512444.0000000000F10000.00000008.00000001.01000000.00000014.sdmp
• Associated: 0000000C.00000002.2085542007.0000000000F11000.00000004.00000001.01000000.00000014.sdmp
• Associated: 0000000C.00000002.2085566978.0000000000F1B000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_d60000_assistant_installer.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: Handle$AddressModuleProcVerifier
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID: 3286154149-0
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,00000000,?,?,?,00D86046,?,?,00000000), ref: 00DAAAD9
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: ErrorLast
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID: 1452528299-0
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • CoUninitialize.OLE32 ref: 00DC82D2
                                                                                                                                                                                      • Part of subcall function 00DFE9E0: CoRevokeInitializeSpy.OLE32 ref: 00DFEA13
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: InitializeRevokeUninitialize
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID: 3049223277-0
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • SetUnhandledExceptionFilter.KERNEL32(00E231D0), ref: 00E22092
                                                                                                                                                                                    • SetConsoleCtrlHandler.KERNEL32(00E231B0,00000001), ref: 00E220A4
                                                                                                                                                                                    • _strlen.LIBCMT ref: 00E220ED
                                                                                                                                                                                    • _strlen.LIBCMT ref: 00E222D4
                                                                                                                                                                                    • _strlen.LIBCMT ref: 00E222F5
                                                                                                                                                                                    • _strlen.LIBCMT ref: 00E2235B
                                                                                                                                                                                    • _strlen.LIBCMT ref: 00E2237C
                                                                                                                                                                                    • SetUnhandledExceptionFilter.KERNEL32(00E231D0,?,?,?,?,?,?,?,00000001,00000000,?,?,--no-periodic-tasks), ref: 00E229C6
                                                                                                                                                                                    • _strlen.LIBCMT ref: 00E22A5B
                                                                                                                                                                                    • _strlen.LIBCMT ref: 00E22A77
                                                                                                                                                                                    • SetProcessShutdownParameters.KERNEL32(00000100,00000001), ref: 00E22CF9
                                                                                                                                                                                    • __Init_thread_header.LIBCMT ref: 00E22F17
                                                                                                                                                                                    • __Init_thread_footer.LIBCMT ref: 00E22F50
                                                                                                                                                                                    • _strlen.LIBCMT ref: 00E23014
                                                                                                                                                                                    Strings
                                                                                                                                                                                    • %], xrefs: 00E22203
                                                                                                                                                                                    • , discarding value , xrefs: 00E23061
                                                                                                                                                                                    • --database is required, xrefs: 00E22AE6
                                                                                                                                                                                    • SetProcessShutdownParameters, xrefs: 00E22D32
                                                                                                                                                                                    • --no-upload-gzip, xrefs: 00E2287D
                                                                                                                                                                                    • CrashpadMetrics, xrefs: 00E22DFA, 00E22E22
                                                                                                                                                                                    • --initial-client-data and --pipe-name are incompatible, xrefs: 00E226B5
                                                                                                                                                                                    • --initial-client-data or --pipe-name is required, xrefs: 00E22B8C
                                                                                                                                                                                    • --no-rate-limit, xrefs: 00E2284B
                                                                                                                                                                                    • --monitor-self, xrefs: 00E227A8
                                                                                                                                                                                    • failed to parse --initial-client-data, xrefs: 00E22AD5
                                                                                                                                                                                    • !#, xrefs: 00E23010, 00E23013, 00E2301D
                                                                                                                                                                                    • Usage: %ls [OPTION]...Crashpad's exception handler server. --annotation=KEY=VALUE set a process annotation in each crash report --attachment=FILE_PATH attach specified file to each crash report at the time of the c, xrefs: 00E226EF
                                                                                                                                                                                    • ../../third_party/crashpad/crashpad/handler/handler_main.cc, xrefs: 00E22D23, 00E22EE9, 00E23002
                                                                                                                                                                                    • --monitor-self-annotation, xrefs: 00E22317
                                                                                                                                                                                    • --no-periodic-tasks, xrefs: 00E22819
                                                                                                                                                                                    • --monitor-self-argument=--monitor-self is not supported, xrefs: 00E22EF8
                                                                                                                                                                                    • --monitor-self-annotation=%s=%s, xrefs: 00E228CC
                                                                                                                                                                                    • --annotation, xrefs: 00E2224E
                                                                                                                                                                                    • --no-identify-client-via-url, xrefs: 00E227F0
                                                                                                                                                                                    • has duplicate key , xrefs: 00E2302D
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: _strlen$ExceptionFilterUnhandled$ConsoleCtrlHandlerInit_thread_footerInit_thread_headerParametersProcessShutdown
                                                                                                                                                                                    • String ID: has duplicate key $!#$%]$, discarding value $--annotation$--database is required$--initial-client-data and --pipe-name are incompatible$--initial-client-data or --pipe-name is required$--monitor-self$--monitor-self-annotation$--monitor-self-annotation=%s=%s$--monitor-self-argument=--monitor-self is not supported$--no-identify-client-via-url$--no-periodic-tasks$--no-rate-limit$--no-upload-gzip$../../third_party/crashpad/crashpad/handler/handler_main.cc$CrashpadMetrics$SetProcessShutdownParameters$Usage: %ls [OPTION]...Crashpad's exception handler server. --annotation=KEY=VALUE set a process annotation in each crash report --attachment=FILE_PATH attach specified file to each crash report at the time of the c$failed to parse --initial-client-data
                                                                                                                                                                                    • API String ID: 3033975033-174887258
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • GetUserNameW.ADVAPI32(?,?), ref: 00D808BB
                                                                                                                                                                                    • GetNamedSecurityInfoW.ADVAPI32(?,?,00000004,00000000,00000000,?,00000000,?,?,?,00000000), ref: 00D80905
                                                                                                                                                                                    • GetNamedSecurityInfoW.ADVAPI32(?,?,00000004,00000000,00000000,?,00000000,?), ref: 00D8093C
                                                                                                                                                                                    • GetExplicitEntriesFromAclW.ADVAPI32(?,?,?,?,?,00000000), ref: 00D80958
                                                                                                                                                                                    • CheckTokenMembership.ADVAPI32(00000000,?,FFFFFFFF), ref: 00D8099C
                                                                                                                                                                                    • BuildExplicitAccessWithNameW.ADVAPI32(?,?,?,00000001,00000003,?,?,00000000), ref: 00D809D3
                                                                                                                                                                                    • SetEntriesInAclW.ADVAPI32(00000001,?,00000000,?,?,?,00000000), ref: 00D809E9
                                                                                                                                                                                    • SetEntriesInAclW.ADVAPI32(?,?,?,?,?,?,00000000), ref: 00D80A0A
                                                                                                                                                                                    • LocalFree.KERNEL32(?,?,?,?,?,00000000), ref: 00D80A1B
                                                                                                                                                                                    • LocalFree.KERNEL32(?,?,?,?,?,00000000), ref: 00D80A2A
                                                                                                                                                                                    • LocalFree.KERNEL32(?,?,?,00000000), ref: 00D80A3B
                                                                                                                                                                                    • LocalFree.KERNEL32(?,?,?,00000000), ref: 00D80A4A
                                                                                                                                                                                    • SetNamedSecurityInfoW.ADVAPI32(?,?,00000004,00000000,00000000,?,00000000), ref: 00D80A86
                                                                                                                                                                                    • SetNamedSecurityInfoW.ADVAPI32(?,?,00000004,00000000,00000000,?,00000000), ref: 00D80ADA
                                                                                                                                                                                    • LocalFree.KERNEL32(?), ref: 00D80B00
                                                                                                                                                                                    • LocalFree.KERNEL32(?), ref: 00D80B0F
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000000C.00000002.2085338172.0000000000D61000.00000020.00000001.01000000.00000014.sdmp, Offset: 00D60000, based on PE: true
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085300221.0000000000D60000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085440415.0000000000EC7000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085440415.0000000000EF5000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085512444.0000000000F10000.00000008.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085542007.0000000000F11000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085566978.0000000000F1B000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_d60000_assistant_installer.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: FreeLocal$InfoNamedSecurity$Entries$ExplicitName$AccessBuildCheckFromMembershipTokenUserWith
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID: 4240689945-0
                                                                                                                                                                                    • Opcode ID: c1f60c356f2914cbb999f3b1d0d464ed1f90331f3d08220d7faf25c444269d5d
                                                                                                                                                                                    • Instruction ID: 2465b0a151b354f1e23982f2f2e3992a0e294bbd41fa5463d48582724697a556
                                                                                                                                                                                    • Opcode Fuzzy Hash: c1f60c356f2914cbb999f3b1d0d464ed1f90331f3d08220d7faf25c444269d5d
                                                                                                                                                                                    • Instruction Fuzzy Hash: C4D1AEB1600305AFDB14EF68C884A6BBBE9FF89350F04452DF955D7251EB70E909CBA2
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • CreatePipe.KERNEL32(00000000,00000000,0000000C,00000000), ref: 00DC5D82
                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 00DC5D9D
                                                                                                                                                                                    • SetLastError.KERNEL32(00000000), ref: 00DC5DBB
                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 00DC5DD5
                                                                                                                                                                                    • SetLastError.KERNEL32(00000000), ref: 00DC5DF2
                                                                                                                                                                                    • SetHandleInformation.KERNEL32(?,00000001,00000000), ref: 00DC5E0C
                                                                                                                                                                                    • GetStdHandle.KERNEL32(000000F6), ref: 00DC5F0A
                                                                                                                                                                                    • GetStdHandle.KERNEL32(000000F4), ref: 00DC5F2E
                                                                                                                                                                                      • Part of subcall function 00DE8010: TryAcquireSRWLockExclusive.KERNEL32(000000D0), ref: 00DE803F
                                                                                                                                                                                    • CreateProcessW.KERNEL32 ref: 00DC5F9D
                                                                                                                                                                                    • ReadFile.KERNEL32(?,?,00000400,00000000,00000000), ref: 00DC60F0
                                                                                                                                                                                    • ReadFile.KERNEL32(?,?,00000400,?,00000000,?,00000000), ref: 00DC6135
                                                                                                                                                                                    • WaitForSingleObject.KERNEL32(?,000000FF), ref: 00DC6149
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000000C.00000002.2085338172.0000000000D61000.00000020.00000001.01000000.00000014.sdmp, Offset: 00D60000, based on PE: true
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085300221.0000000000D60000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085440415.0000000000EC7000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085440415.0000000000EF5000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085512444.0000000000F10000.00000008.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085542007.0000000000F11000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085566978.0000000000F1B000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_d60000_assistant_installer.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: ErrorLast$Handle$CreateFileRead$AcquireExclusiveInformationLockObjectPipeProcessSingleWait
                                                                                                                                                                                    • String ID: D
                                                                                                                                                                                    • API String ID: 3662480232-2746444292
                                                                                                                                                                                    • Opcode ID: 159f7005445cdb017b97f7f1ff432f5d48ad217416c1773119ec6d12c482fa79
                                                                                                                                                                                    • Instruction ID: f11db3566a9a22acb0fa1fad906033bcbde33d3d2a3d61272278cbf94eb57009
                                                                                                                                                                                    • Opcode Fuzzy Hash: 159f7005445cdb017b97f7f1ff432f5d48ad217416c1773119ec6d12c482fa79
                                                                                                                                                                                    • Instruction Fuzzy Hash: 91D1BF719087419FE720DF24C884BABBBE5BFC5310F144A1DF999972A1DB70A844DBA3
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • SetHandleInformation.KERNEL32(00D81A0E,00000001,00000001,?,00F14C28), ref: 00DC4FB6
                                                                                                                                                                                    • CreateEnvironmentBlock.USERENV(00000000,?,00000000,?), ref: 00DC517C
                                                                                                                                                                                    • CreateProcessAsUserW.ADVAPI32(?,00000000,FFFFFFFF,00000000,00000000,?,00000000,00000000,00000000,?,?,00000000,?,00000000,?), ref: 00DC51BD
                                                                                                                                                                                    • DestroyEnvironmentBlock.USERENV(00000000), ref: 00DC51C9
                                                                                                                                                                                    • GetEnvironmentStringsW.KERNEL32(?), ref: 00DC524D
                                                                                                                                                                                    • FreeEnvironmentStringsW.KERNEL32(?), ref: 00DC5330
                                                                                                                                                                                    • CreateProcessW.KERNEL32(00000000,FFFFFFFF,00000000,00000000,?,00000000,00000000,00000000,?,?,?), ref: 00DC5376
                                                                                                                                                                                    • AssignProcessToJobObject.KERNEL32(?,00000000), ref: 00DC53BE
                                                                                                                                                                                    • AllowSetForegroundWindow.USER32(00000000), ref: 00DC53DB
                                                                                                                                                                                    • WaitForSingleObject.KERNEL32(00000000,000000FF,?), ref: 00DC53EC
                                                                                                                                                                                      • Part of subcall function 00DC6240: GetLastError.KERNEL32(?,00F14CF8,?,?,00DC648D,00000000,?,?,?,00DCB3EC), ref: 00DC6255
                                                                                                                                                                                      • Part of subcall function 00DC6240: SetLastError.KERNEL32(00000000,?,?,00DC648D,00000000,?,?,?,00DCB3EC), ref: 00DC628C
                                                                                                                                                                                      • Part of subcall function 00DC6240: GetCurrentProcess.KERNEL32(?,00F14CF8,?,?,00DC648D,00000000,?,?,?,00DCB3EC), ref: 00DC6296
                                                                                                                                                                                      • Part of subcall function 00DC65B0: GetCurrentProcess.KERNEL32(5D5B5F5E,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00DC65CE
                                                                                                                                                                                      • Part of subcall function 00DC65B0: TerminateProcess.KERNEL32(CD5C2137,^_[],5D5B5F5E,?), ref: 00DC65DA
                                                                                                                                                                                      • Part of subcall function 00DC65B0: GetCurrentProcess.KERNEL32 ref: 00DC65F0
                                                                                                                                                                                      • Part of subcall function 00DC65B0: WaitForSingleObject.KERNEL32(00000000,0000EA60), ref: 00DC6642
                                                                                                                                                                                      • Part of subcall function 00DC65B0: GetCurrentProcess.KERNEL32 ref: 00DC664E
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000000C.00000002.2085338172.0000000000D61000.00000020.00000001.01000000.00000014.sdmp, Offset: 00D60000, based on PE: true
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085300221.0000000000D60000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085440415.0000000000EC7000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085440415.0000000000EF5000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085512444.0000000000F10000.00000008.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085542007.0000000000F11000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085566978.0000000000F1B000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_d60000_assistant_installer.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: Process$CurrentEnvironment$CreateObject$BlockErrorLastSingleStringsWait$AllowAssignDestroyForegroundFreeHandleInformationTerminateUserWindow
                                                                                                                                                                                    • String ID: ../../base/process/launch_win.cc$LaunchProcess
                                                                                                                                                                                    • API String ID: 4109405000-1974568409
                                                                                                                                                                                    • Opcode ID: e1813952e6fc13afc359b7b98db5ec3f30e7dffb8ae164434c8424a9b45ac3ee
                                                                                                                                                                                    • Instruction ID: c0bd6e964a2010942fd5885f91a754215bcf51e6ea5634c539df56a9319256e7
                                                                                                                                                                                    • Opcode Fuzzy Hash: e1813952e6fc13afc359b7b98db5ec3f30e7dffb8ae164434c8424a9b45ac3ee
                                                                                                                                                                                    • Instruction Fuzzy Hash: D5F1BF706087829BDB20DF24D844B6BBBE1FF85314F084A1CF4D557295DBB0E989DBA2
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • GetCurrentThread.KERNEL32 ref: 00DCA709
                                                                                                                                                                                    • GetThreadPriority.KERNEL32(00000000), ref: 00DCA70C
                                                                                                                                                                                    • GetCurrentThread.KERNEL32 ref: 00DCA716
                                                                                                                                                                                    • SetThreadPriority.KERNEL32(00000000,00000002), ref: 00DCA71B
                                                                                                                                                                                    • QueryPerformanceCounter.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00DCA782
                                                                                                                                                                                    • GetCurrentThread.KERNEL32 ref: 00DCA790
                                                                                                                                                                                    • SetThreadPriority.KERNEL32(00000000,?), ref: 00DCA79B
                                                                                                                                                                                    • QueryPerformanceFrequency.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00DCA7B2
                                                                                                                                                                                    • __Init_thread_header.LIBCMT ref: 00DCA87E
                                                                                                                                                                                    • __Init_thread_footer.LIBCMT ref: 00DCA8A5
                                                                                                                                                                                    • __Init_thread_header.LIBCMT ref: 00DCA8B7
                                                                                                                                                                                    • QueryPerformanceCounter.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00DCA8E1
                                                                                                                                                                                    • __Init_thread_footer.LIBCMT ref: 00DCA8FF
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000000C.00000002.2085338172.0000000000D61000.00000020.00000001.01000000.00000014.sdmp, Offset: 00D60000, based on PE: true
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_d60000_assistant_installer.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: Thread$CurrentPerformancePriorityQuery$CounterInit_thread_footerInit_thread_header$Frequency
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID: 521408450-0
                                                                                                                                                                                    • Opcode ID: 9ae2b94a7e8912eca599d65c07ffdeef1abe603a845dfc38ed52dc27fb9da7b7
                                                                                                                                                                                    • Instruction ID: 9ea1b0592cd1742e5b959219aff7cfcd5440c43ba1b8c351f352a48c054c76cd
                                                                                                                                                                                    • Opcode Fuzzy Hash: 9ae2b94a7e8912eca599d65c07ffdeef1abe603a845dfc38ed52dc27fb9da7b7
                                                                                                                                                                                    • Instruction Fuzzy Hash: 8551CE718097488FC301DF79E845A8AB7E4FFC9394F12871EE885632A1DB31A546DB92
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    Strings
                                                                                                                                                                                    • %s: invalid option -- `-%c', xrefs: 00E539A1
                                                                                                                                                                                    • %s: option `%s' is ambiguous (could be `--%s' or `--%s'), xrefs: 00E53B35
                                                                                                                                                                                    • %s: argument required for option `, xrefs: 00E53B80
                                                                                                                                                                                    • POSIXLY_CORRECT, xrefs: 00E5369B
                                                                                                                                                                                    • --%s', xrefs: 00E53BA6
                                                                                                                                                                                    • -%c', xrefs: 00E53BDA
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000000C.00000002.2085338172.0000000000D61000.00000020.00000001.01000000.00000014.sdmp, Offset: 00D60000, based on PE: true
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_d60000_assistant_installer.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: ___from_strstr_to_strchr_strlen
                                                                                                                                                                                    • String ID: %s: argument required for option `$%s: invalid option -- `-%c'$%s: option `%s' is ambiguous (could be `--%s' or `--%s')$-%c'$--%s'$POSIXLY_CORRECT
                                                                                                                                                                                    • API String ID: 1576176021-3002513585
                                                                                                                                                                                    • Opcode ID: 35b828f5102b82ba12df3218d79046c0c2842de1fc635ef67485c7547e796fb6
                                                                                                                                                                                    • Instruction ID: 344a0a03e2539c3e03c10dd0a2d9fd1f07f6c297af58143846008b3906800a52
                                                                                                                                                                                    • Opcode Fuzzy Hash: 35b828f5102b82ba12df3218d79046c0c2842de1fc635ef67485c7547e796fb6
                                                                                                                                                                                    • Instruction Fuzzy Hash: AB02DEB5E002199BDF24CFA4D8817EEB7B1BB48349F199529EC01B7342D375AE49CB90
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                      • Part of subcall function 00D63696: _strlen.LIBCMT ref: 00D636AD
                                                                                                                                                                                    • K32GetProcessMemoryInfo.KERNEL32(00000000,?,0000002C), ref: 00E2130C
                                                                                                                                                                                    • K32GetPerformanceInfo.KERNEL32(?,00000038), ref: 00E214E2
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000000C.00000002.2085338172.0000000000D61000.00000020.00000001.01000000.00000014.sdmp, Offset: 00D60000, based on PE: true
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_d60000_assistant_installer.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: Info$MemoryPerformanceProcess_strlen
                                                                                                                                                                                    • String ID: Win32$^_[]$cana$channel$plat$prod$ptype$ver
                                                                                                                                                                                    • API String ID: 4159616963-1260709952
                                                                                                                                                                                    • Opcode ID: 4b8ad568136ac37b334c05b53c54a8f243e577afec0d4f613df8fc982ea4d4ae
                                                                                                                                                                                    • Instruction ID: ac5dd73ec16a9aa66b009eb9ce630d8ebbaeeb33171c3608ffe51bce95cff5fe
                                                                                                                                                                                    • Opcode Fuzzy Hash: 4b8ad568136ac37b334c05b53c54a8f243e577afec0d4f613df8fc982ea4d4ae
                                                                                                                                                                                    • Instruction Fuzzy Hash: 15E1D4719083919BDB20DF24C880B6FBBE4FFE5300F04996EF5CAA2251EB309645CB52
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • CreateThread.KERNEL32(00000000,00000000,00E570A0,00000000,00000000,00000000), ref: 00E56E01
                                                                                                                                                                                    • GetQueuedCompletionStatus.KERNEL32(?,?,?,?,000000FF), ref: 00E56ECE
                                                                                                                                                                                    • TryAcquireSRWLockExclusive.KERNEL32 ref: 00E56EE3
                                                                                                                                                                                      • Part of subcall function 00E1CB18: GetVersion.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,?), ref: 00E1CB49
                                                                                                                                                                                      • Part of subcall function 00E1CB18: CreateNamedPipeW.KERNELBASE ref: 00E1CBA4
                                                                                                                                                                                    • ReleaseSRWLockExclusive.KERNEL32(?,?), ref: 00E56F30
                                                                                                                                                                                    • WaitForSingleObject.KERNEL32(?,000000FF,?,?,?,?,?,?,?,?,?), ref: 00E56FC6
                                                                                                                                                                                    • TryAcquireSRWLockExclusive.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 00E56FD3
                                                                                                                                                                                    • ReleaseSRWLockExclusive.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?), ref: 00E57051
                                                                                                                                                                                    Strings
                                                                                                                                                                                    • ../../third_party/crashpad/crashpad/util/win/exception_handler_server.cc, xrefs: 00E56E38, 00E56E6B
                                                                                                                                                                                    • CreateNamedPipe, xrefs: 00E56E86
                                                                                                                                                                                    • CreateThread, xrefs: 00E56E4F
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000000C.00000002.2085338172.0000000000D61000.00000020.00000001.01000000.00000014.sdmp, Offset: 00D60000, based on PE: true
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_d60000_assistant_installer.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: ExclusiveLock$AcquireCreateRelease$CompletionNamedObjectPipeQueuedSingleStatusThreadVersionWait
                                                                                                                                                                                    • String ID: ../../third_party/crashpad/crashpad/util/win/exception_handler_server.cc$CreateNamedPipe$CreateThread
                                                                                                                                                                                    • API String ID: 995286921-1199881885
                                                                                                                                                                                    • Opcode ID: 289606d9c4a8be2ef1988947d3be49c1046b8fb88fa9832bbb33db6e9d7d8ee7
                                                                                                                                                                                    • Instruction ID: fedb915283dd832889be8de4351a82ff64172019baa2f4d37cdb42f1428b2105
                                                                                                                                                                                    • Opcode Fuzzy Hash: 289606d9c4a8be2ef1988947d3be49c1046b8fb88fa9832bbb33db6e9d7d8ee7
                                                                                                                                                                                    • Instruction Fuzzy Hash: A5B1B171A083009FC710EF28D881A6ABBE1FF84315F555A2DF899A73A1D731DD48CB62
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                      • Part of subcall function 00DFE230: TryAcquireSRWLockExclusive.KERNEL32(00000000,00DDE527,?,?,?,00DC6B03,00DDE527,?,?,00DDE527,?), ref: 00DFE251
                                                                                                                                                                                    • GetCurrentThread.KERNEL32 ref: 00DC6B50
                                                                                                                                                                                    • IsDebuggerPresent.KERNEL32(00DDE527,?,?,00DDE527,?), ref: 00DC6B6B
                                                                                                                                                                                    • GetCurrentThreadId.KERNEL32 ref: 00DC6B7D
                                                                                                                                                                                    • __Init_thread_header.LIBCMT ref: 00DC6BA4
                                                                                                                                                                                    • GetModuleHandleW.KERNEL32(Kernel32.dll,00DDE527,?,?,00DDE527,?), ref: 00DC6BBE
                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,SetThreadDescription), ref: 00DC6BCA
                                                                                                                                                                                    • __Init_thread_footer.LIBCMT ref: 00DC6BDA
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000000C.00000002.2085338172.0000000000D61000.00000020.00000001.01000000.00000014.sdmp, Offset: 00D60000, based on PE: true
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_d60000_assistant_installer.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: CurrentThread$AcquireAddressDebuggerExclusiveHandleInit_thread_footerInit_thread_headerLockModulePresentProc
                                                                                                                                                                                    • String ID: Kernel32.dll$SetThreadDescription
                                                                                                                                                                                    • API String ID: 4238099923-1724334159
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • FindNextFileW.KERNEL32(?,?,?,?,00000000,?,?), ref: 00DC91E4
                                                                                                                                                                                    • FindClose.KERNEL32(?,?,?), ref: 00DC91F8
                                                                                                                                                                                    • GetLastError.KERNEL32(?,?), ref: 00DC9342
                                                                                                                                                                                    • GetFileAttributesW.KERNEL32(FFFFFFFF,FFFFFFFF,?,?,?,00000001,?,?), ref: 00DC9420
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000000C.00000002.2085338172.0000000000D61000.00000020.00000001.01000000.00000014.sdmp, Offset: 00D60000, based on PE: true
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_d60000_assistant_installer.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: FileFind$AttributesCloseErrorLastNext
                                                                                                                                                                                    • String ID: ../../base/files/file_enumerator_win.cc$Next
                                                                                                                                                                                    • API String ID: 2898002969-3065876524
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • CreateFileW.KERNEL32(?,?,?,?,?,?,00000000), ref: 00D82814
                                                                                                                                                                                    • DeviceIoControl.KERNEL32 ref: 00D8285D
                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 00D82869
                                                                                                                                                                                    Strings
                                                                                                                                                                                    • \\.\%lc:, xrefs: 00D8279B
                                                                                                                                                                                    • IsValid, xrefs: 00D827D3
                                                                                                                                                                                    • ../../opera/desktop/windows/os_operations/os_operations_impl.cc, xrefs: 00D827CE
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000000C.00000002.2085338172.0000000000D61000.00000020.00000001.01000000.00000014.sdmp, Offset: 00D60000, based on PE: true
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_d60000_assistant_installer.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: ControlCreateDeviceErrorFileLast
                                                                                                                                                                                    • String ID: ../../opera/desktop/windows/os_operations/os_operations_impl.cc$IsValid$\\.\%lc:
                                                                                                                                                                                    • API String ID: 1247001307-2475376787
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • GetCurrentProcess.KERNEL32(?,?,?,?,?,?,?,?,00D8043C,SeTakeOwnershipPrivilege), ref: 00D8053C
                                                                                                                                                                                    • OpenProcessToken.ADVAPI32(00000000,00000020,?,?,?,?,?,?,?,?,?,00D8043C,SeTakeOwnershipPrivilege), ref: 00D80546
                                                                                                                                                                                      • Part of subcall function 00D71B9C: GetLastError.KERNEL32(00000000,?,-00000001,?,00D712C9,00000000), ref: 00D71BAB
                                                                                                                                                                                      • Part of subcall function 00D71B9C: SetLastError.KERNEL32(00000000,?,00D712C9,00000000), ref: 00D71BCA
                                                                                                                                                                                    • LookupPrivilegeValueW.ADVAPI32(00000000,?,?), ref: 00D80577
                                                                                                                                                                                    • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000,?,?,?,?,?,?,?,?,00D8043C,SeTakeOwnershipPrivilege), ref: 00D805A9
                                                                                                                                                                                    • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,00D8043C,SeTakeOwnershipPrivilege), ref: 00D805B3
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000000C.00000002.2085338172.0000000000D61000.00000020.00000001.01000000.00000014.sdmp, Offset: 00D60000, based on PE: true
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_d60000_assistant_installer.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: ErrorLast$ProcessToken$AdjustCurrentLookupOpenPrivilegePrivilegesValue
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID: 2332101959-0
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • FindFirstFileExW.KERNEL32(?,00000001,?,00000000,00000000,00000002,?,00ED1CA0,00000001), ref: 00E59B41
                                                                                                                                                                                    Strings
                                                                                                                                                                                    • FindFirstFile, xrefs: 00E59BE7
                                                                                                                                                                                    • Empty directory path, xrefs: 00E59B9E
                                                                                                                                                                                    • ../../third_party/crashpad/crashpad/util/file/directory_reader_win.cc, xrefs: 00E59B8C, 00E59BD5
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000000C.00000002.2085338172.0000000000D61000.00000020.00000001.01000000.00000014.sdmp, Offset: 00D60000, based on PE: true
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_d60000_assistant_installer.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: FileFindFirst
                                                                                                                                                                                    • String ID: ../../third_party/crashpad/crashpad/util/file/directory_reader_win.cc$Empty directory path$FindFirstFile
                                                                                                                                                                                    • API String ID: 1974802433-2519462454
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • GetCurrentProcessId.KERNEL32(00DDFE4E,?,?,?,?,?,?,?,?,00000000,?,?,?,00DDFE4E,?), ref: 00DDC3EA
                                                                                                                                                                                      • Part of subcall function 00E1C8A4: CreateFileW.KERNELBASE ref: 00E1C8EF
                                                                                                                                                                                      • Part of subcall function 00E1C8A4: GetLastError.KERNEL32 ref: 00E1C8F6
                                                                                                                                                                                      • Part of subcall function 00E1C8A4: WaitNamedPipeW.KERNEL32(?,000000FF), ref: 00E1C914
                                                                                                                                                                                    • SetUnhandledExceptionFilter.KERNEL32(00DDC770,?,?,?,?,?,?,?,?,?,?,?,00000000,?,?), ref: 00DDC440
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000000C.00000002.2085338172.0000000000D61000.00000020.00000001.01000000.00000014.sdmp, Offset: 00D60000, based on PE: true
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_d60000_assistant_installer.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: CreateCurrentErrorExceptionFileFilterLastNamedPipeProcessUnhandledWait
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID: 4079065440-0
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • SetUnhandledExceptionFilter.KERNEL32(00D71C40,?,00D65A26,?,00000000,?,00D61045,00000000,00000000), ref: 00D71C11
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: ExceptionFilterUnhandled
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID: 3192549508-0
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • __Init_thread_header.LIBCMT ref: 00D9DCC5
                                                                                                                                                                                    • __Init_thread_footer.LIBCMT ref: 00D9DE75
                                                                                                                                                                                    • __Init_thread_header.LIBCMT ref: 00D9DE87
                                                                                                                                                                                      • Part of subcall function 00E994E7: EnterCriticalSection.KERNEL32(00F14FC0,?,?,?,00DFEFCF,00F15134,?,?,?,?,00DFEBD1,00000000,00000000), ref: 00E994F2
                                                                                                                                                                                      • Part of subcall function 00E994E7: LeaveCriticalSection.KERNEL32(00F14FC0,?,?,?,00DFEFCF,00F15134,?,?,?,?,00DFEBD1,00000000,00000000), ref: 00E9952F
                                                                                                                                                                                    • __Init_thread_footer.LIBCMT ref: 00D9DEC2
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: CriticalInit_thread_footerInit_thread_headerSection$EnterLeave
                                                                                                                                                                                    • String ID: Apr$April$Aug$August$Dec$December$Feb$February$Jan$January$Jul$July$Jun$June$Mar$March$May$Nov$November$Oct$October$Sep$September
                                                                                                                                                                                    • API String ID: 2234156424-4155687352
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: _strlen
                                                                                                                                                                                    • String ID: Invalid app id type$No all users information$No copy only information$No install path information$No version information$Subfolder not a string$The root is not a dictionary$_all_users$_subfolder$app_id$app_id$copy_only$files$path$product$root_files$version
                                                                                                                                                                                    • API String ID: 4218353326-1502408593
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                      • Part of subcall function 00DC24E0: GetFileAttributesW.KERNELBASE(?,?,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00DC2551
                                                                                                                                                                                    • GetFileAttributesW.KERNEL32(00000000), ref: 00D75429
                                                                                                                                                                                    • SetFileAttributesW.KERNEL32(?,00000000), ref: 00D75444
                                                                                                                                                                                      • Part of subcall function 00DC2320: GetFileAttributesW.KERNELBASE(FFFFFFFF,?,00000000), ref: 00DC2391
                                                                                                                                                                                    • CopyFileW.KERNEL32(?,?,00000000), ref: 00D755EC
                                                                                                                                                                                    • GetFileAttributesW.KERNEL32(?,?,00000000), ref: 00D755F9
                                                                                                                                                                                    • SetFileAttributesW.KERNEL32(?,00000000,?,?,00000000), ref: 00D75612
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: File$Attributes$Copy
                                                                                                                                                                                    • String ID: does not exist.$ to $../../opera/desktop/windows/installer/transactions/copy_file_operation.cc$Cannot create a folder to place the file in.$Cannot delete the already existing file to make room for the copied file.$Copying $Could not CopyFile because of an error: $Could not clear the RO attribute of file$Could not get file attributes on destination because of an error: $Couldn't clear RO attribute of $File copied successfully$File copy failed $One of the paths is too long.$One of the paths references parent.$The source file
                                                                                                                                                                                    • API String ID: 1180250742-1397660437
                                                                                                                                                                                    • Opcode ID: a7206170aaf355335ec417f558944b5883ca53150edd60bef0eb07006c5dfe76
                                                                                                                                                                                    • Instruction ID: be2f74e83a41f44546acbcaeff9b1d4d06ff2a89e6f6018efa26a35781fa7a40
                                                                                                                                                                                    • Opcode Fuzzy Hash: a7206170aaf355335ec417f558944b5883ca53150edd60bef0eb07006c5dfe76
                                                                                                                                                                                    • Instruction Fuzzy Hash: 94F1E271600B00AFDB24DF60D886F66B7A5EF55310F08852DE88E5B293EBB1E945C772
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000000C.00000002.2085338172.0000000000D61000.00000020.00000001.01000000.00000014.sdmp, Offset: 00D60000, based on PE: true
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085300221.0000000000D60000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085440415.0000000000EC7000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085440415.0000000000EF5000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085512444.0000000000F10000.00000008.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085542007.0000000000F11000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085566978.0000000000F1B000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: _strlen
                                                                                                                                                                                    • String ID: Invalid shortcut type $SC_DEST_COMMON_DESKTOP$SC_DEST_COMMON_MENU$SC_DEST_COMMON_PROMOTED$SC_DEST_DESKTOP$SC_DEST_MENU$SC_DEST_PROMOTED$SC_DEST_QUICK_LAUNCH$Shorcut path is not a string$Shortcuts not a dictionary$shortcuts
                                                                                                                                                                                    • API String ID: 4218353326-1783663760
                                                                                                                                                                                    • Opcode ID: a354cb7203fe2dd95dd487b3f5af087431052c2883ee25a2c952661b5af9c2a3
                                                                                                                                                                                    • Instruction ID: 9f7f0775c470e6e781527c3856fa5a6f354816a68c89236903271ed341be26c5
                                                                                                                                                                                    • Opcode Fuzzy Hash: a354cb7203fe2dd95dd487b3f5af087431052c2883ee25a2c952661b5af9c2a3
                                                                                                                                                                                    • Instruction Fuzzy Hash: 3DC1F171608340ABDB45EB20C841A7FB7E0AF95718F08991CF8D9A7282E731DA06D773
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • __Init_thread_header.LIBCMT ref: 00D8B74D
                                                                                                                                                                                    • __Init_thread_footer.LIBCMT ref: 00D8B7B2
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: Init_thread_footerInit_thread_header
                                                                                                                                                                                    • String ID: $$D$D$H$H$T$\$`$`$`$`$d$l$l$l$t$t$t
                                                                                                                                                                                    • API String ID: 4092853384-516125810
                                                                                                                                                                                    • Opcode ID: c34a53af9ab168d61620f44378b3d034046419e557f1e8ca1549edd73293b5a0
                                                                                                                                                                                    • Instruction ID: 0eb07c83972a4ea41ada5071ed3874756428a14cd69ba2d0e73ff5006c179790
                                                                                                                                                                                    • Opcode Fuzzy Hash: c34a53af9ab168d61620f44378b3d034046419e557f1e8ca1549edd73293b5a0
                                                                                                                                                                                    • Instruction Fuzzy Hash: 3B919FF0900209AFC704EF18D94AF9A7FF4FB44714F06811DE4156B3A2DBB29A44AFA5
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • __Init_thread_header.LIBCMT ref: 00D9D8E5
                                                                                                                                                                                    • __Init_thread_footer.LIBCMT ref: 00D9D9FF
                                                                                                                                                                                    • __Init_thread_header.LIBCMT ref: 00D9DA11
                                                                                                                                                                                      • Part of subcall function 00E994E7: EnterCriticalSection.KERNEL32(00F14FC0,?,?,?,00DFEFCF,00F15134,?,?,?,?,00DFEBD1,00000000,00000000), ref: 00E994F2
                                                                                                                                                                                      • Part of subcall function 00E994E7: LeaveCriticalSection.KERNEL32(00F14FC0,?,?,?,00DFEFCF,00F15134,?,?,?,?,00DFEBD1,00000000,00000000), ref: 00E9952F
                                                                                                                                                                                    • __Init_thread_footer.LIBCMT ref: 00D9DA4C
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: CriticalInit_thread_footerInit_thread_headerSection$EnterLeave
                                                                                                                                                                                    • String ID: Fri$Friday$Mon$Monday$Sat$Saturday$Sun$Sunday$Thu$Thursday$Tue$Tuesday$Wed$Wednesday
                                                                                                                                                                                    • API String ID: 2234156424-525747235
                                                                                                                                                                                    • Opcode ID: bcc309e9ca81135ed001880dc5cb6386705add6f0f90b2c7a7e4de17b1e73732
                                                                                                                                                                                    • Instruction ID: bf1f4f996cfa338cd39e02dd5211b8b12ed3228fd13b445ff114b07c462a66d1
                                                                                                                                                                                    • Opcode Fuzzy Hash: bcc309e9ca81135ed001880dc5cb6386705add6f0f90b2c7a7e4de17b1e73732
                                                                                                                                                                                    • Instruction Fuzzy Hash: 123196757803409BCB08BB689A17FA97A53F751720F95422DF1063B3C3CAB26A41E676
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • __Init_thread_header.LIBCMT ref: 00D9DAD5
                                                                                                                                                                                    • __Init_thread_footer.LIBCMT ref: 00D9DBEF
                                                                                                                                                                                    • __Init_thread_header.LIBCMT ref: 00D9DC01
                                                                                                                                                                                      • Part of subcall function 00E994E7: EnterCriticalSection.KERNEL32(00F14FC0,?,?,?,00DFEFCF,00F15134,?,?,?,?,00DFEBD1,00000000,00000000), ref: 00E994F2
                                                                                                                                                                                      • Part of subcall function 00E994E7: LeaveCriticalSection.KERNEL32(00F14FC0,?,?,?,00DFEFCF,00F15134,?,?,?,?,00DFEBD1,00000000,00000000), ref: 00E9952F
                                                                                                                                                                                    • __Init_thread_footer.LIBCMT ref: 00D9DC3C
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: CriticalInit_thread_footerInit_thread_headerSection$EnterLeave
                                                                                                                                                                                    • String ID: Fri$Friday$Mon$Monday$Sat$Saturday$Sun$Sunday$Thu$Thursday$Tue$Tuesday$Wed$Wednesday
                                                                                                                                                                                    • API String ID: 2234156424-525747235
                                                                                                                                                                                    • Opcode ID: 3fda44e8c9e9af8e15531d4c1d4eb1e2e155ef29c58ee79c4933a5f47d86c2c5
                                                                                                                                                                                    • Instruction ID: 6e8ec51334193a852d31a8b648208613898179259bc5850365c62b032bd3e8ed
                                                                                                                                                                                    • Opcode Fuzzy Hash: 3fda44e8c9e9af8e15531d4c1d4eb1e2e155ef29c58ee79c4933a5f47d86c2c5
                                                                                                                                                                                    • Instruction Fuzzy Hash: 57315B3D7C030097CB00FB64984BBA97662DB83710F04426EF191377D3DA74AA41A6B6
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: _strlen
                                                                                                                                                                                    • String ID: $(Arg0)$../../opera/desktop/windows/assistant/installer/assistant_installer.cc$Autoupdate $Could not create scheduled task$Could not initialize task scheduler$Creating scheduled task$Finalizing the installation$Keeps Opera Browser Assistant up to date$Setting autoupdate task error counter to : $assistant$au_task_error_count$component-name$component-path$installer_prefs.json$launcher.exe$scheduledautoupdate
                                                                                                                                                                                    • API String ID: 4218353326-2181512856
                                                                                                                                                                                    • Opcode ID: a53ab14a426fbc9f270c8cff9ac720a439f1b4c3ae6c9de090645ead8df0839e
                                                                                                                                                                                    • Instruction ID: 9977c3b1f8cba9d360400d8ad1285751c12b17f0b9f07e81b39bfdf652a239f5
                                                                                                                                                                                    • Opcode Fuzzy Hash: a53ab14a426fbc9f270c8cff9ac720a439f1b4c3ae6c9de090645ead8df0839e
                                                                                                                                                                                    • Instruction Fuzzy Hash: 1DF1D4716047409FDB20AB74C846FABB7E6FF85310F04492DF49697282EB71AA05CB71
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • CoTaskMemAlloc.OLE32(000003E8), ref: 00D7B7AD
                                                                                                                                                                                    • CharNextW.USER32(00000000), ref: 00D7B8EF
                                                                                                                                                                                    • CharNextW.USER32(00000000), ref: 00D7B918
                                                                                                                                                                                    • CoTaskMemFree.OLE32(FFFFFFFF), ref: 00D7BA8D
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000000C.00000002.2085338172.0000000000D61000.00000020.00000001.01000000.00000014.sdmp, Offset: 00D60000, based on PE: true
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085300221.0000000000D60000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085440415.0000000000EC7000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085440415.0000000000EF5000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085512444.0000000000F10000.00000008.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085542007.0000000000F11000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085566978.0000000000F1B000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_d60000_assistant_installer.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: CharNextTask$AllocFree
                                                                                                                                                                                    • String ID: }}$HKCR$HKCU{Software{Classes
                                                                                                                                                                                    • API String ID: 1038441216-1142484189
                                                                                                                                                                                    • Opcode ID: 2aba62ea2bb0e643a51c1a8eb8a1892b416290d4afe5707b71cf35d429a8a560
                                                                                                                                                                                    • Instruction ID: 7a3e38474744e34777f8ba381e9ced693d494803ac47288f025fa3af94f0d3d4
                                                                                                                                                                                    • Opcode Fuzzy Hash: 2aba62ea2bb0e643a51c1a8eb8a1892b416290d4afe5707b71cf35d429a8a560
                                                                                                                                                                                    • Instruction Fuzzy Hash: 87A170715043019FD710AF64C880B6AB7E8FF58324F18892EF989E7251F774D9448BB2
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000000C.00000002.2085338172.0000000000D61000.00000020.00000001.01000000.00000014.sdmp, Offset: 00D60000, based on PE: true
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085300221.0000000000D60000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085440415.0000000000EC7000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085440415.0000000000EF5000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085512444.0000000000F10000.00000008.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085542007.0000000000F11000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085566978.0000000000F1B000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_d60000_assistant_installer.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: _strlen
                                                                                                                                                                                    • String ID: HKCU$Registry value is not a dictionary$clean$data$name$path$type$values$wow6432
                                                                                                                                                                                    • API String ID: 4218353326-3483028338
                                                                                                                                                                                    • Opcode ID: 573d48e97dfd9157360d342348a50a0975368bdfe347cdeee304d2f787f6882d
                                                                                                                                                                                    • Instruction ID: 20aed5b05ee6737692a7ec530064676090be22ea9271bc05bd53fd7a6b6d2dca
                                                                                                                                                                                    • Opcode Fuzzy Hash: 573d48e97dfd9157360d342348a50a0975368bdfe347cdeee304d2f787f6882d
                                                                                                                                                                                    • Instruction Fuzzy Hash: 22A19DB16043409BDB11EF14C8819AFB7E9EFC5314F04892DF99A5B252EB71ED05CBA2
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000000C.00000002.2085338172.0000000000D61000.00000020.00000001.01000000.00000014.sdmp, Offset: 00D60000, based on PE: true
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085300221.0000000000D60000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085440415.0000000000EC7000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085440415.0000000000EF5000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085512444.0000000000F10000.00000008.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085542007.0000000000F11000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085566978.0000000000F1B000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_d60000_assistant_installer.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: _strlen
                                                                                                                                                                                    • String ID: _all_users$_subfolder$app_id$components$copy_only$path$product$version
                                                                                                                                                                                    • API String ID: 4218353326-1886481470
                                                                                                                                                                                    • Opcode ID: efc220cea3de5649a20fc85614005d2e5ea489341d82aedd0c16c08a9fc1bab4
                                                                                                                                                                                    • Instruction ID: de5fac9bf9951f504eec56adcd179f0fb47e341f7ed1193ca66354ab8b0d74db
                                                                                                                                                                                    • Opcode Fuzzy Hash: efc220cea3de5649a20fc85614005d2e5ea489341d82aedd0c16c08a9fc1bab4
                                                                                                                                                                                    • Instruction Fuzzy Hash: 2651A6B1E042145BDF44EA68988ADAB7BADEF84310B090468F84AFB343D631ED15C7F1
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                      • Part of subcall function 00DA4730: _strlen.LIBCMT ref: 00DA4751
                                                                                                                                                                                    • _strlen.LIBCMT ref: 00D6140A
                                                                                                                                                                                      • Part of subcall function 00DA12A0: _strlen.LIBCMT ref: 00DA12D0
                                                                                                                                                                                    • _strlen.LIBCMT ref: 00D6146A
                                                                                                                                                                                    • _strlen.LIBCMT ref: 00D61540
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000000C.00000002.2085338172.0000000000D61000.00000020.00000001.01000000.00000014.sdmp, Offset: 00D60000, based on PE: true
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085300221.0000000000D60000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085440415.0000000000EC7000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085440415.0000000000EF5000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085512444.0000000000F10000.00000008.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085542007.0000000000F11000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085566978.0000000000F1B000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_d60000_assistant_installer.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: _strlen
                                                                                                                                                                                    • String ID: allusers$autoupdate$copyonly$installer$installfolder$internal-version$post-elevated-install-tasks$run-assistant$stream$uninstall$version
                                                                                                                                                                                    • API String ID: 4218353326-966510985
                                                                                                                                                                                    • Opcode ID: bda49be90db934003a3a3cf038dd81fd35f8c5230b1c89f5aae3e70643e9092c
                                                                                                                                                                                    • Instruction ID: 3916c5671d0d8d4908c375a3b6c19bd611c7774f94b60e7f7ecdff838ccb13df
                                                                                                                                                                                    • Opcode Fuzzy Hash: bda49be90db934003a3a3cf038dd81fd35f8c5230b1c89f5aae3e70643e9092c
                                                                                                                                                                                    • Instruction Fuzzy Hash: 5F91D6B46107805BDB20AF71C982A7BB7E5EF85700B08442DF88797A82EB71F909C771
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                      • Part of subcall function 00D7AC60: InitializeCriticalSectionEx.KERNEL32(-0000000C,00000000,00000000,00000000,?,00D7A9BB,?,00D7A76B,?), ref: 00D7AC69
                                                                                                                                                                                      • Part of subcall function 00D7AC60: GetLastError.KERNEL32(?,00D7A9BB,?,00D7A76B,?), ref: 00D7AC73
                                                                                                                                                                                    • EnterCriticalSection.KERNEL32(?), ref: 00D7AEBE
                                                                                                                                                                                    • LeaveCriticalSection.KERNEL32(?,?,?), ref: 00D7AED4
                                                                                                                                                                                    • GetModuleFileNameW.KERNEL32(00D60000,?,00000104), ref: 00D7AF1E
                                                                                                                                                                                    • GetModuleHandleW.KERNEL32(00000000), ref: 00D7AFAB
                                                                                                                                                                                    • EnterCriticalSection.KERNEL32(?), ref: 00D7AFBA
                                                                                                                                                                                    • EnterCriticalSection.KERNEL32(?), ref: 00D7B05B
                                                                                                                                                                                    • LeaveCriticalSection.KERNEL32(?,Module,?), ref: 00D7B073
                                                                                                                                                                                    • EnterCriticalSection.KERNEL32(?), ref: 00D7B081
                                                                                                                                                                                    • LeaveCriticalSection.KERNEL32(?,Module_Raw,?), ref: 00D7B0A0
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000000C.00000002.2085338172.0000000000D61000.00000020.00000001.01000000.00000014.sdmp, Offset: 00D60000, based on PE: true
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085300221.0000000000D60000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085440415.0000000000EC7000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085440415.0000000000EF5000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085512444.0000000000F10000.00000008.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085542007.0000000000F11000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085566978.0000000000F1B000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_d60000_assistant_installer.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: CriticalSection$Enter$Leave$Module$ErrorFileHandleInitializeLastName
                                                                                                                                                                                    • String ID: "$MZx$Module$Module_Raw$REGISTRY
                                                                                                                                                                                    • API String ID: 2998937331-1297953865
                                                                                                                                                                                    • Opcode ID: 35418c3dd8f684b38b2be26e7bd3a90646df2bf0ca1ec4bf08d01fb18d1c5723
                                                                                                                                                                                    • Instruction ID: f8844a52340fdc204c4543c3eb0d3e0ecd5479be66acf7f02dc2515126f8e012
                                                                                                                                                                                    • Opcode Fuzzy Hash: 35418c3dd8f684b38b2be26e7bd3a90646df2bf0ca1ec4bf08d01fb18d1c5723
                                                                                                                                                                                    • Instruction Fuzzy Hash: B57126B2A04305ABD7209B24CC45BBFB3A8AFC5314F19C42DF949AB241FB75D90587B6
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • GetCurrentProcessId.KERNEL32 ref: 00D64CC2
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000000C.00000002.2085338172.0000000000D61000.00000020.00000001.01000000.00000014.sdmp, Offset: 00D60000, based on PE: true
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085300221.0000000000D60000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085440415.0000000000EC7000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085440415.0000000000EF5000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085512444.0000000000F10000.00000008.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085542007.0000000000F11000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085566978.0000000000F1B000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_d60000_assistant_installer.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: CurrentProcess
                                                                                                                                                                                    • String ID: " | FIND /c /i ".exe"$:again$IF %PID_RUNNING%==TRUE ($IF %PID_RUNNING%==TRUE GOTO :again$IF ERRORLEVEL 1 SET PID_RUNNING=FALSE$SET PID_RUNNING=TRUE$TASKLIST /FI "PID eq $del "$del %0 & rmdir "$k.bat$ping -n 2 127.0.0.1$z
                                                                                                                                                                                    • API String ID: 2050909247-3545446152
                                                                                                                                                                                    • Opcode ID: dd7aad234d0518534784a6f1d53a54b79d2e757759531c719c3f23fa618e92d9
                                                                                                                                                                                    • Instruction ID: b7533cb7bb8579522f7b15dffb1457c16d3289fac62557e01b765abb8053fa03
                                                                                                                                                                                    • Opcode Fuzzy Hash: dd7aad234d0518534784a6f1d53a54b79d2e757759531c719c3f23fa618e92d9
                                                                                                                                                                                    • Instruction Fuzzy Hash: 70F1B171704740AFCB14FB24C896A6EBBA5EFC9710F08442DF4869B392DA74D945C7B2
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • GetFileAttributesW.KERNEL32(00DED42A,?,?,00000000,?,?,?,00000000), ref: 00DC17D9
                                                                                                                                                                                    • SetFileAttributesW.KERNEL32(00DED42A,00000000,?,?,?,00000000), ref: 00DC1800
                                                                                                                                                                                    • DeleteFileW.KERNEL32(00DED42A,?,?,?,00000000), ref: 00DC181A
                                                                                                                                                                                    • RemoveDirectoryW.KERNEL32(00DED42A), ref: 00DC1875
                                                                                                                                                                                      • Part of subcall function 00DC3870: SetFileAttributesW.KERNEL32(FFFFFFFF,?,?,?,?,?,?,?,?), ref: 00DC398A
                                                                                                                                                                                    • GetLastError.KERNEL32(?,?,?,00000000), ref: 00DC1884
                                                                                                                                                                                    • GetFileAttributesW.KERNEL32(00DED42A,?,00000000,?,?,?,00000000), ref: 00DC18B9
                                                                                                                                                                                    • GetLastError.KERNEL32(?,?,?,00000000), ref: 00DC18E7
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000000C.00000002.2085338172.0000000000D61000.00000020.00000001.01000000.00000014.sdmp, Offset: 00D60000, based on PE: true
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085300221.0000000000D60000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085440415.0000000000EC7000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085440415.0000000000EF5000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085512444.0000000000F10000.00000008.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085542007.0000000000F11000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085566978.0000000000F1B000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_d60000_assistant_installer.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: File$Attributes$ErrorLast$DeleteDirectoryRemove
                                                                                                                                                                                    • String ID: *$../../base/files/file_util_win.cc$DeleteFile.NonRecursive$DeleteFile.Recursive$DeleteFileAndRecordMetrics$DoDeleteFile
                                                                                                                                                                                    • API String ID: 1056033459-924194139
                                                                                                                                                                                    • Opcode ID: 4aaf3d6e18b06a0d54d222fc102467ba8f4fa4a01af2216e0423c39777cef38c
                                                                                                                                                                                    • Instruction ID: c24e17fa3265653a264a52f2ed5a81e45e07fcc9397283250b950bf4cfb56cf3
                                                                                                                                                                                    • Opcode Fuzzy Hash: 4aaf3d6e18b06a0d54d222fc102467ba8f4fa4a01af2216e0423c39777cef38c
                                                                                                                                                                                    • Instruction Fuzzy Hash: EBB1D275A08791ABD7209F28C845B6BBBD1AFC2320F144A1DF4E5833D2EB74D945CB62
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                      • Part of subcall function 00D7AC60: InitializeCriticalSectionEx.KERNEL32(-0000000C,00000000,00000000,00000000,?,00D7A9BB,?,00D7A76B,?), ref: 00D7AC69
                                                                                                                                                                                      • Part of subcall function 00D7AC60: GetLastError.KERNEL32(?,00D7A9BB,?,00D7A76B,?), ref: 00D7AC73
                                                                                                                                                                                    • EnterCriticalSection.KERNEL32(?), ref: 00D7D12C
                                                                                                                                                                                    • LeaveCriticalSection.KERNEL32(?,?,?), ref: 00D7D142
                                                                                                                                                                                    • GetModuleFileNameW.KERNEL32(00D60000,?,00000104), ref: 00D7D188
                                                                                                                                                                                    • GetModuleHandleW.KERNEL32(00000000), ref: 00D7D230
                                                                                                                                                                                    • EnterCriticalSection.KERNEL32(?), ref: 00D7D23F
                                                                                                                                                                                    • EnterCriticalSection.KERNEL32(?), ref: 00D7D2E0
                                                                                                                                                                                    • LeaveCriticalSection.KERNEL32(?,Module,?), ref: 00D7D2F8
                                                                                                                                                                                    • EnterCriticalSection.KERNEL32(?), ref: 00D7D306
                                                                                                                                                                                    • LeaveCriticalSection.KERNEL32(?,Module_Raw,?), ref: 00D7D325
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000000C.00000002.2085338172.0000000000D61000.00000020.00000001.01000000.00000014.sdmp, Offset: 00D60000, based on PE: true
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085300221.0000000000D60000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085440415.0000000000EC7000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085440415.0000000000EF5000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085512444.0000000000F10000.00000008.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085542007.0000000000F11000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085566978.0000000000F1B000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_d60000_assistant_installer.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: CriticalSection$Enter$Leave$Module$ErrorFileHandleInitializeLastName
                                                                                                                                                                                    • String ID: "$Module$Module_Raw$REGISTRY
                                                                                                                                                                                    • API String ID: 2998937331-3881418485
                                                                                                                                                                                    • Opcode ID: e53826e05e0e55893d462b98d543fdebcc608b68f6bf9fb8a1d6e25139e5c1aa
                                                                                                                                                                                    • Instruction ID: aa51023594fb7af7611834e1630b878afeb8e9d5792f52ae28b34199e8779fcc
                                                                                                                                                                                    • Opcode Fuzzy Hash: e53826e05e0e55893d462b98d543fdebcc608b68f6bf9fb8a1d6e25139e5c1aa
                                                                                                                                                                                    • Instruction Fuzzy Hash: 337126B2A04345ABD720DF20CC45BAB73BAAF85314F19842CF94D67242FB75D90587B6
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • IsInExceptionSpec.LIBVCRUNTIME ref: 00EB58DA
                                                                                                                                                                                    • type_info::operator==.LIBVCRUNTIME ref: 00EB5901
                                                                                                                                                                                    • ___TypeMatch.LIBVCRUNTIME ref: 00EB5A0D
                                                                                                                                                                                    • CatchIt.LIBVCRUNTIME ref: 00EB5A62
                                                                                                                                                                                    • IsInExceptionSpec.LIBVCRUNTIME ref: 00EB5AE8
                                                                                                                                                                                    • _UnwindNestedFrames.LIBCMT ref: 00EB5B6F
                                                                                                                                                                                    • CallUnexpected.LIBVCRUNTIME ref: 00EB5B8A
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000000C.00000002.2085338172.0000000000D61000.00000020.00000001.01000000.00000014.sdmp, Offset: 00D60000, based on PE: true
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085300221.0000000000D60000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085440415.0000000000EC7000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085440415.0000000000EF5000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085512444.0000000000F10000.00000008.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085542007.0000000000F11000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085566978.0000000000F1B000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_d60000_assistant_installer.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: ExceptionSpec$CallCatchFramesMatchNestedTypeUnexpectedUnwindtype_info::operator==
                                                                                                                                                                                    • String ID: 8b$csm$csm$csm$oU
                                                                                                                                                                                    • API String ID: 4234981820-1221423355
                                                                                                                                                                                    • Opcode ID: 177ae7a1499ceb6f72d8d59f7419b72cabab9e1111b3cd2dac3fb67c6f1456a1
                                                                                                                                                                                    • Instruction ID: e7df224521ffec990a207a1c271aa0b3c561e3effd734c71c514e402392eeb42
                                                                                                                                                                                    • Opcode Fuzzy Hash: 177ae7a1499ceb6f72d8d59f7419b72cabab9e1111b3cd2dac3fb67c6f1456a1
                                                                                                                                                                                    • Instruction Fuzzy Hash: B8C18A72900A09EFCF29DFA4C881AEFBBB5BF48314F04655AE8117B252D731DA51CB91
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • GetCurrentProcess.KERNEL32(5D5B5F5E,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00DC65CE
                                                                                                                                                                                    • TerminateProcess.KERNEL32(CD5C2137,^_[],5D5B5F5E,?), ref: 00DC65DA
                                                                                                                                                                                    • GetCurrentProcess.KERNEL32 ref: 00DC65F0
                                                                                                                                                                                    • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00D70FA3,00000000), ref: 00DC65F8
                                                                                                                                                                                    • GetCurrentProcess.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00D70FA3,00000000), ref: 00DC6604
                                                                                                                                                                                    • WaitForSingleObject.KERNEL32(00000000,0000EA60,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00DC6614
                                                                                                                                                                                    • GetCurrentProcess.KERNEL32 ref: 00DC6632
                                                                                                                                                                                    • WaitForSingleObject.KERNEL32(00000000,0000EA60), ref: 00DC6642
                                                                                                                                                                                    • GetCurrentProcess.KERNEL32 ref: 00DC664E
                                                                                                                                                                                    • GetExitCodeProcess.KERNEL32(00000000,FFFFFFFF), ref: 00DC667D
                                                                                                                                                                                    • GetCurrentProcess.KERNEL32 ref: 00DC6690
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000000C.00000002.2085338172.0000000000D61000.00000020.00000001.01000000.00000014.sdmp, Offset: 00D60000, based on PE: true
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085300221.0000000000D60000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085440415.0000000000EC7000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085440415.0000000000EF5000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085512444.0000000000F10000.00000008.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085542007.0000000000F11000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085566978.0000000000F1B000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_d60000_assistant_installer.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: Process$Current$ObjectSingleWait$CodeErrorExitLastTerminate
                                                                                                                                                                                    • String ID: ^_[]
                                                                                                                                                                                    • API String ID: 2432511979-568551382
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • TryAcquireSRWLockExclusive.KERNEL32(00F150D8,?,00000008,00F150F4,?,00DFC05F,00000010,?,?), ref: 00DFB399
                                                                                                                                                                                    • ReleaseSRWLockExclusive.KERNEL32(00F150D8), ref: 00DFB59D
                                                                                                                                                                                    • ReleaseSRWLockExclusive.KERNEL32(00F150D8,?,?,00000008,00F150F4,?,00DFC05F,00000010,?,?), ref: 00DFB5FC
                                                                                                                                                                                    • __Init_thread_header.LIBCMT ref: 00DFB6A9
                                                                                                                                                                                    • __Init_thread_footer.LIBCMT ref: 00DFB6CD
                                                                                                                                                                                    Strings
                                                                                                                                                                                    • ../../base/threading/scoped_blocking_call_internal.cc, xrefs: 00DFB65C
                                                                                                                                                                                    • MonitorNextJankWindowIfNecessary, xrefs: 00DFB661
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000000C.00000002.2085338172.0000000000D61000.00000020.00000001.01000000.00000014.sdmp, Offset: 00D60000, based on PE: true
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085300221.0000000000D60000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085440415.0000000000EC7000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085440415.0000000000EF5000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085512444.0000000000F10000.00000008.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085542007.0000000000F11000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085566978.0000000000F1B000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_d60000_assistant_installer.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: ExclusiveLock$Release$AcquireInit_thread_footerInit_thread_header
                                                                                                                                                                                    • String ID: ../../base/threading/scoped_blocking_call_internal.cc$MonitorNextJankWindowIfNecessary
                                                                                                                                                                                    • API String ID: 1756964227-4084575106
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • CoCreateInstance.OLE32(00ED61B4,00000000,00000017,00ECD4A8,-00000020), ref: 00D84EC8
                                                                                                                                                                                    • CoAllowSetForegroundWindow.OLE32(?,00000000), ref: 00D84EDF
                                                                                                                                                                                    Strings
                                                                                                                                                                                    • http, xrefs: 00D84F15
                                                                                                                                                                                    • page=SettingsPageAppsDefaults&target=%ls, xrefs: 00D84F92
                                                                                                                                                                                    • mailto, xrefs: 00D84F48
                                                                                                                                                                                    • Browser, xrefs: 00D84F2B
                                                                                                                                                                                    • SettingsPageAppsDefaultsProtocolView, xrefs: 00D84F76
                                                                                                                                                                                    • windows.immersivecontrolpanel_cw5n1h2txyewy!microsoft.windows.immersivecontrolpanel, xrefs: 00D84EF1, 00D84FAF
                                                                                                                                                                                    • SystemSettings_DefaultApps_%ls, xrefs: 00D84F63
                                                                                                                                                                                    • page=SettingsPageAppsDefaults, xrefs: 00D84EEC
                                                                                                                                                                                    • Email, xrefs: 00D84F5E
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000000C.00000002.2085338172.0000000000D61000.00000020.00000001.01000000.00000014.sdmp, Offset: 00D60000, based on PE: true
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085300221.0000000000D60000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085440415.0000000000EC7000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085440415.0000000000EF5000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085512444.0000000000F10000.00000008.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085542007.0000000000F11000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085566978.0000000000F1B000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_d60000_assistant_installer.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: AllowCreateForegroundInstanceWindow
                                                                                                                                                                                    • String ID: Browser$Email$SettingsPageAppsDefaultsProtocolView$SystemSettings_DefaultApps_%ls$http$mailto$page=SettingsPageAppsDefaults$page=SettingsPageAppsDefaults&target=%ls$windows.immersivecontrolpanel_cw5n1h2txyewy!microsoft.windows.immersivecontrolpanel
                                                                                                                                                                                    • API String ID: 14021637-918448973
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • GetFileAttributesW.KERNEL32(FFFFFFFF), ref: 00DC1D9A
                                                                                                                                                                                    • GetFileAttributesW.KERNEL32(?,?,00000000,?,?,?,FFFFFFFE,?,?,FFFFFFFF,?,?,?,00000000), ref: 00DC1F51
                                                                                                                                                                                    • GetFileAttributesW.KERNEL32(?,?,00000000,?,?,?,?,?,?,?,FFFFFFFE,?,?,FFFFFFFF,?,?), ref: 00DC1FFD
                                                                                                                                                                                    • GetFileAttributesW.KERNEL32(?,?,00000000,?,?,?,?,?,?,?,?,?,?,?,FFFFFFFE), ref: 00DC20C1
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000000C.00000002.2085338172.0000000000D61000.00000020.00000001.01000000.00000014.sdmp, Offset: 00D60000, based on PE: true
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085300221.0000000000D60000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085440415.0000000000EC7000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085440415.0000000000EF5000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085512444.0000000000F10000.00000008.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085542007.0000000000F11000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085566978.0000000000F1B000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_d60000_assistant_installer.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: AttributesFile
                                                                                                                                                                                    • String ID: ../../base/files/file_util_win.cc$DirectoryExists$DoCopyDirectory$PathExists
                                                                                                                                                                                    • API String ID: 3188754299-3776415229
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • GetCurrentProcess.KERNEL32 ref: 00D805FE
                                                                                                                                                                                    • OpenProcessToken.ADVAPI32(00000000,0000000A,?), ref: 00D80608
                                                                                                                                                                                      • Part of subcall function 00D71B9C: GetLastError.KERNEL32(00000000,?,-00000001,?,00D712C9,00000000), ref: 00D71BAB
                                                                                                                                                                                      • Part of subcall function 00D71B9C: SetLastError.KERNEL32(00000000,?,00D712C9,00000000), ref: 00D71BCA
                                                                                                                                                                                    • GetTokenInformation.ADVAPI32(?,00000001(TokenIntegrityLevel),00000000,00000000,?,?), ref: 00D8063A
                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 00D80644
                                                                                                                                                                                    • LocalAlloc.KERNEL32(00000040,?), ref: 00D80654
                                                                                                                                                                                    • GetTokenInformation.ADVAPI32(?,00000001(TokenIntegrityLevel),00000000,?,?), ref: 00D80670
                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 00D8068C
                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 00D806D9
                                                                                                                                                                                    • LocalFree.KERNEL32(00000000), ref: 00D80721
                                                                                                                                                                                    Strings
                                                                                                                                                                                    • ../../opera/desktop/windows/common/access_control/access_control_utils_impl.cc, xrefs: 00D806B4, 00D806F9
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000000C.00000002.2085338172.0000000000D61000.00000020.00000001.01000000.00000014.sdmp, Offset: 00D60000, based on PE: true
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085300221.0000000000D60000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085440415.0000000000EC7000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085440415.0000000000EF5000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085512444.0000000000F10000.00000008.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085542007.0000000000F11000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085566978.0000000000F1B000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_d60000_assistant_installer.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: ErrorLast$Token$InformationLocalProcess$AllocCurrentFreeOpen
                                                                                                                                                                                    • String ID: ../../opera/desktop/windows/common/access_control/access_control_utils_impl.cc
                                                                                                                                                                                    • API String ID: 2525985394-4103139186
                                                                                                                                                                                    • Opcode ID: dda153b926dd448aadc1f998790050de1734e870b4c18085b6fdce93757f7fce
                                                                                                                                                                                    • Instruction ID: 5a2f228a5e194cd95b36bce4e66b5ca24879b73822be569952f4659756805adf
                                                                                                                                                                                    • Opcode Fuzzy Hash: dda153b926dd448aadc1f998790050de1734e870b4c18085b6fdce93757f7fce
                                                                                                                                                                                    • Instruction Fuzzy Hash: 17416C71A00319EBEB60AFA09C46FAE7B79FF45710F004158F906A72C1EB715955CB72
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                      • Part of subcall function 00D7BADE: CharNextW.USER32(?,00000000,75BFA7D0,?,00000000,?,80004005), ref: 00D7BB07
                                                                                                                                                                                      • Part of subcall function 00D7BADE: CharNextW.USER32(?,00000000,75BFA7D0,?,00000000,?,80004005), ref: 00D7BB1D
                                                                                                                                                                                    • lstrcmpiW.KERNEL32(?,00EC8380,?,?,?,?), ref: 00D7CBF1
                                                                                                                                                                                    • lstrcmpiW.KERNEL32(?,00EC8384), ref: 00D7CC01
                                                                                                                                                                                    • lstrcmpiW.KERNEL32(?,00EC8388), ref: 00D7CC11
                                                                                                                                                                                    • lstrcmpiW.KERNEL32(?,00EC838C), ref: 00D7CC21
                                                                                                                                                                                    • CharNextW.USER32(?), ref: 00D7CC86
                                                                                                                                                                                    • CharNextW.USER32(?), ref: 00D7CDC5
                                                                                                                                                                                    • CharNextW.USER32(00000000), ref: 00D7CDDC
                                                                                                                                                                                    • RegSetValueExW.ADVAPI32(?,?,00000000,00000007,?,-00000002,-00000002), ref: 00D7CE30
                                                                                                                                                                                    • VarUI4FromStr.OLEAUT32(?,00000000,00000000,?), ref: 00D7CE81
                                                                                                                                                                                    • RegSetValueExW.ADVAPI32(?,?,00000000,00000004,?,00000004), ref: 00D7CEAF
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000000C.00000002.2085338172.0000000000D61000.00000020.00000001.01000000.00000014.sdmp, Offset: 00D60000, based on PE: true
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085300221.0000000000D60000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085440415.0000000000EC7000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085440415.0000000000EF5000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085512444.0000000000F10000.00000008.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085542007.0000000000F11000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085566978.0000000000F1B000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_d60000_assistant_installer.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: CharNext$lstrcmpi$Value$From
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID: 2620931725-0
                                                                                                                                                                                    • Opcode ID: 68993a4c5dd2a8391e4651e37779125756c687cded92ed8b75c6fa6c5e17b469
                                                                                                                                                                                    • Instruction ID: b3ffef1f067ef0c592e2e901cf64272b06335a356705da5ae3632cad2a644e68
                                                                                                                                                                                    • Opcode Fuzzy Hash: 68993a4c5dd2a8391e4651e37779125756c687cded92ed8b75c6fa6c5e17b469
                                                                                                                                                                                    • Instruction Fuzzy Hash: 2AA1E371A102159FDB309B10CC86BA977B5EF64700F0490ADFA09A7280FB749E91DBB1
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • GetFileInformationByHandleEx.KERNEL32(?,00000002,00000000,00000210,?), ref: 00E56816
                                                                                                                                                                                    • TryAcquireSRWLockExclusive.KERNEL32(?), ref: 00E56986
                                                                                                                                                                                    • ReleaseSRWLockExclusive.KERNEL32(?,?,?,?), ref: 00E56A52
                                                                                                                                                                                    • TryAcquireSRWLockExclusive.KERNEL32(?,?,?), ref: 00E56A9C
                                                                                                                                                                                    • PostQueuedCompletionStatus.KERNEL32(00006461,00000000,?,00000000,?,?), ref: 00E56AAE
                                                                                                                                                                                    • ReleaseSRWLockExclusive.KERNEL32(?,?,?), ref: 00E56AB5
                                                                                                                                                                                    Strings
                                                                                                                                                                                    • ../../third_party/crashpad/crashpad/util/win/exception_handler_server.cc, xrefs: 00E56840
                                                                                                                                                                                    • \\.\pipe, xrefs: 00E568E3
                                                                                                                                                                                    • GetFileInformationByHandleEx, xrefs: 00E5684F
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000000C.00000002.2085338172.0000000000D61000.00000020.00000001.01000000.00000014.sdmp, Offset: 00D60000, based on PE: true
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085300221.0000000000D60000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085440415.0000000000EC7000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085440415.0000000000EF5000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085512444.0000000000F10000.00000008.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085542007.0000000000F11000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085566978.0000000000F1B000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_d60000_assistant_installer.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: ExclusiveLock$AcquireRelease$CompletionFileHandleInformationPostQueuedStatus
                                                                                                                                                                                    • String ID: ../../third_party/crashpad/crashpad/util/win/exception_handler_server.cc$GetFileInformationByHandleEx$\\.\pipe
                                                                                                                                                                                    • API String ID: 3092314435-838569524
                                                                                                                                                                                    • Opcode ID: fdc19223416cb96f4c56ad94a28f2bb16ba6b83908232517c719cd5135266344
                                                                                                                                                                                    • Instruction ID: b2c1384662a04b68c1e5c5cb5c10716ec83222eae8ff0438efa5e8b94e892110
                                                                                                                                                                                    • Opcode Fuzzy Hash: fdc19223416cb96f4c56ad94a28f2bb16ba6b83908232517c719cd5135266344
                                                                                                                                                                                    • Instruction Fuzzy Hash: 5CA190B15007009FD710DF39C881A56BBE4FF58314F108A6EE89A9B752E731F91ACBA1
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • GetNamedSecurityInfoW.ADVAPI32(?,?,?,?,?,?,?,?), ref: 00D80C91
                                                                                                                                                                                    • GetExplicitEntriesFromAclW.ADVAPI32(?,?,?,?,?,?,?,?,?,?,?), ref: 00D80CC2
                                                                                                                                                                                    • LocalFree.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 00D80CE2
                                                                                                                                                                                    • LocalFree.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 00D80CF0
                                                                                                                                                                                    • EqualSid.ADVAPI32(?,?,?,?,?,?,?,?,?,?,?), ref: 00D80DB3
                                                                                                                                                                                    • EqualSid.ADVAPI32(FFFFFFFF,?,?,?,?,?,?,?,?,?,?), ref: 00D80DF0
                                                                                                                                                                                    • FreeSid.ADVAPI32(FFFFFFFF,?,?,?,?,?,?,?,?,?), ref: 00D80E07
                                                                                                                                                                                    • FreeSid.ADVAPI32(?,?,?,?,?,?,?,?,?,?), ref: 00D80E20
                                                                                                                                                                                    Strings
                                                                                                                                                                                    • ../../opera/desktop/windows/common/access_control/access_control_utils_impl.cc, xrefs: 00D80D4C
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000000C.00000002.2085338172.0000000000D61000.00000020.00000001.01000000.00000014.sdmp, Offset: 00D60000, based on PE: true
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085300221.0000000000D60000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085440415.0000000000EC7000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085440415.0000000000EF5000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085512444.0000000000F10000.00000008.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085542007.0000000000F11000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085566978.0000000000F1B000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_d60000_assistant_installer.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: Free$EqualLocal$EntriesExplicitFromInfoNamedSecurity
                                                                                                                                                                                    • String ID: ../../opera/desktop/windows/common/access_control/access_control_utils_impl.cc
                                                                                                                                                                                    • API String ID: 3814160775-4103139186
                                                                                                                                                                                    • Opcode ID: 43c8d03bf89c23301fe27dca8cd61be61042fe5cf6f141698c036328158be9af
                                                                                                                                                                                    • Instruction ID: 40c876444e21da31e99c39ac59cfbcc8bc558b5af18d2232ba01674289d870cc
                                                                                                                                                                                    • Opcode Fuzzy Hash: 43c8d03bf89c23301fe27dca8cd61be61042fe5cf6f141698c036328158be9af
                                                                                                                                                                                    • Instruction Fuzzy Hash: D2717D71900259DFDB20DFA4C944BEEBBB4BF48310F04459AE809B7251D774AA89CFB1
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000000C.00000002.2085338172.0000000000D61000.00000020.00000001.01000000.00000014.sdmp, Offset: 00D60000, based on PE: true
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085300221.0000000000D60000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085440415.0000000000EC7000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085440415.0000000000EF5000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085512444.0000000000F10000.00000008.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085542007.0000000000F11000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085566978.0000000000F1B000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_d60000_assistant_installer.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: _strlen
                                                                                                                                                                                    • String ID: No name in a registry key value$No type information on a registry key value$Registry value is not a dictionary$data$name$type
                                                                                                                                                                                    • API String ID: 4218353326-1085468316
                                                                                                                                                                                    • Opcode ID: 7d94a6b478aacd34131c926f955ae3364b8f65c48f02724dcf3fb3fa197c9e60
                                                                                                                                                                                    • Instruction ID: f717310b53e61af2a7778aa0bb96e8df198bb5da2f4de6a434cd20ad065de5d2
                                                                                                                                                                                    • Opcode Fuzzy Hash: 7d94a6b478aacd34131c926f955ae3364b8f65c48f02724dcf3fb3fa197c9e60
                                                                                                                                                                                    • Instruction Fuzzy Hash: 8951F3B1604340ABCB14EF18C8819AFF7E9EFC5310F04892DF99A67252E771E905C762
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • GetFileAttributesW.KERNEL32(?,?,00000000), ref: 00DC2E6C
                                                                                                                                                                                    • SetLastError.KERNEL32(00000050), ref: 00DC2E8D
                                                                                                                                                                                    • CreateDirectoryW.KERNEL32(?,00000000), ref: 00DC2F54
                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 00DC2F64
                                                                                                                                                                                    • GetFileAttributesW.KERNEL32(?,?,00000000), ref: 00DC2FDC
                                                                                                                                                                                    • SetLastError.KERNEL32(?), ref: 00DC300E
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000000C.00000002.2085338172.0000000000D61000.00000020.00000001.01000000.00000014.sdmp, Offset: 00D60000, based on PE: true
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085300221.0000000000D60000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085440415.0000000000EC7000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085440415.0000000000EF5000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085512444.0000000000F10000.00000008.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085542007.0000000000F11000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085566978.0000000000F1B000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: ErrorLast$AttributesFile$CreateDirectory
                                                                                                                                                                                    • String ID: ../../base/files/file_util_win.cc$CreateDirectoryAndGetError$DirectoryExists
                                                                                                                                                                                    • API String ID: 3677629684-252988939
                                                                                                                                                                                    • Opcode ID: 866088b6bbb68bc582606a92336b68f867baea12af85f09dcaac4250f72cfc03
                                                                                                                                                                                    • Instruction ID: 4b446b376c0d796eeb8e96a2b59bb07de0e3479861288111f4d2e97ed0cb48ab
                                                                                                                                                                                    • Opcode Fuzzy Hash: 866088b6bbb68bc582606a92336b68f867baea12af85f09dcaac4250f72cfc03
                                                                                                                                                                                    • Instruction Fuzzy Hash: 0E5104715043829BD7209F24C841B7BB7A4BFD6720F144B1DF9E5A72C1EB70A905CBA2
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • _strlen.LIBCMT ref: 00E449A5
                                                                                                                                                                                    • EventRegister.ADVAPI32(?,00E44AA0,00000000,00000018,?,?,?,?,?,00E4496A,Google.Chrome,00ED8194,00E02FF0,00000000), ref: 00E44A0E
                                                                                                                                                                                    • GetModuleHandleExW.KERNEL32(00000000,api-ms-win-eventing-provider-l1-1-0.dll,FFFFFFFF), ref: 00E44A2C
                                                                                                                                                                                    • GetModuleHandleExW.KERNEL32(00000000,advapi32.dll,FFFFFFFF), ref: 00E44A3E
                                                                                                                                                                                    • GetProcAddress.KERNEL32(FFFFFFFF,EventSetInformation), ref: 00E44A50
                                                                                                                                                                                    • FreeLibrary.KERNEL32(FFFFFFFF), ref: 00E44A76
                                                                                                                                                                                    Strings
                                                                                                                                                                                    • api-ms-win-eventing-provider-l1-1-0.dll, xrefs: 00E44A25
                                                                                                                                                                                    • EventSetInformation, xrefs: 00E44A48
                                                                                                                                                                                    • advapi32.dll, xrefs: 00E44A37
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: HandleModule$AddressEventFreeLibraryProcRegister_strlen
                                                                                                                                                                                    • String ID: EventSetInformation$advapi32.dll$api-ms-win-eventing-provider-l1-1-0.dll
                                                                                                                                                                                    • API String ID: 2182669159-147808218
                                                                                                                                                                                    • Opcode ID: 20416a89c9c45aba1f727efad46a55f70a5d32a22977e14096e3dc80a0096550
                                                                                                                                                                                    • Instruction ID: 38602496d6085545a4cea9b6eaa62afeb9c825dc00cc4f6dbff191dc17c8b2f2
                                                                                                                                                                                    • Opcode Fuzzy Hash: 20416a89c9c45aba1f727efad46a55f70a5d32a22977e14096e3dc80a0096550
                                                                                                                                                                                    • Instruction Fuzzy Hash: 9E51D1B27403099FDB208F55EC44AAB7BE9FF88754B014129F849A7390E771EC10EBA4
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                      • Part of subcall function 00D63696: _strlen.LIBCMT ref: 00D636AD
                                                                                                                                                                                    • _strlen.LIBCMT ref: 00DDE274
                                                                                                                                                                                    • GetModuleHandleW.KERNEL32(kernel32.dll,?,?,?), ref: 00DDE345
                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,SetUnhandledExceptionFilter), ref: 00DDE355
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: _strlen$AddressHandleModuleProc
                                                                                                                                                                                    • String ID: /prefetch:7$SetUnhandledExceptionFilter$fallback-handler$kernel32.dll$test-child-process$type
                                                                                                                                                                                    • API String ID: 3627888737-2824896278
                                                                                                                                                                                    • Opcode ID: 31836d59383e21c9bf105c2a9ea86b8377701e0976a43967309bd19df69e9b21
                                                                                                                                                                                    • Instruction ID: d60a19e8c8a8b057f4c1565aaa1284e363deb4cb0387039151d80d1acd7b81ca
                                                                                                                                                                                    • Opcode Fuzzy Hash: 31836d59383e21c9bf105c2a9ea86b8377701e0976a43967309bd19df69e9b21
                                                                                                                                                                                    • Instruction Fuzzy Hash: 3851E2B16043516BDB11FF74D882A6F7B99EF91310F04042DF486A7382EB21DA0986B3
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • _strlen.LIBCMT ref: 00D73906
                                                                                                                                                                                    • _strlen.LIBCMT ref: 00D73932
                                                                                                                                                                                    • _strlen.LIBCMT ref: 00D7398D
                                                                                                                                                                                    • _strlen.LIBCMT ref: 00D739B4
                                                                                                                                                                                    • _strlen.LIBCMT ref: 00D739E8
                                                                                                                                                                                      • Part of subcall function 00D741C0: _strlen.LIBCMT ref: 00D74297
                                                                                                                                                                                      • Part of subcall function 00D741C0: _strlen.LIBCMT ref: 00D742BF
                                                                                                                                                                                      • Part of subcall function 00D741C0: _strlen.LIBCMT ref: 00D742E3
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: _strlen
                                                                                                                                                                                    • String ID: HKCU$HKLM$No registry dictionary$registry
                                                                                                                                                                                    • API String ID: 4218353326-1611147590
                                                                                                                                                                                    • Opcode ID: 5f695b51de903df1cdfb03cac1da446f00558748f3bbf6d28b93afe75dadbcb3
                                                                                                                                                                                    • Instruction ID: 382434bc91b3c51067d50f7088fd922212e23da55194189786b58301d198cf30
                                                                                                                                                                                    • Opcode Fuzzy Hash: 5f695b51de903df1cdfb03cac1da446f00558748f3bbf6d28b93afe75dadbcb3
                                                                                                                                                                                    • Instruction Fuzzy Hash: E2316FF19002189BDF10AA509C42AEF776DEB45314F095018FE4A3B283E6369A15D7B1
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • GetVersion.KERNEL32 ref: 00E1CDF1
                                                                                                                                                                                    • InitializeCriticalSectionEx.KERNEL32(?,00000000,10000000), ref: 00E1CE3F
                                                                                                                                                                                    • InitializeCriticalSection.KERNEL32(?), ref: 00E1CE9A
                                                                                                                                                                                    • __Init_thread_header.LIBCMT ref: 00E1CEBE
                                                                                                                                                                                    • __Init_thread_footer.LIBCMT ref: 00E1CEF1
                                                                                                                                                                                    Strings
                                                                                                                                                                                    • InitializeCriticalSectionEx, xrefs: 00E1CE7D
                                                                                                                                                                                    • ../../third_party/crashpad/crashpad/util/win/critical_section_with_debug_info.cc, xrefs: 00E1CE6B
                                                                                                                                                                                    • kernel32.dll, xrefs: 00E1CEDA
                                                                                                                                                                                    • ::InitializeCriticalSectionEx, xrefs: 00E1CED5
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: CriticalInitializeSection$Init_thread_footerInit_thread_headerVersion
                                                                                                                                                                                    • String ID: ../../third_party/crashpad/crashpad/util/win/critical_section_with_debug_info.cc$::InitializeCriticalSectionEx$InitializeCriticalSectionEx$kernel32.dll
                                                                                                                                                                                    • API String ID: 668362183-4281794248
                                                                                                                                                                                    • Opcode ID: 993868499c199198c1a414bb32dddcec21e529ec2c1b2aaf4b6b275285da58f1
                                                                                                                                                                                    • Instruction ID: bc4b6af77cc0d79df8f1a4cdc432816ca993a59d1ecd866972b3abe529e91490
                                                                                                                                                                                    • Opcode Fuzzy Hash: 993868499c199198c1a414bb32dddcec21e529ec2c1b2aaf4b6b275285da58f1
                                                                                                                                                                                    • Instruction Fuzzy Hash: E2213331A80344ABDB20A7A4DC07FFE3395EB85710F105026FD06BB3C2E774A881A663
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • Sleep.KERNEL32(00000001), ref: 00DDC795
                                                                                                                                                                                    • SleepEx.KERNEL32(000000FF,00000000), ref: 00DDC7F8
                                                                                                                                                                                    • GetCurrentThreadId.KERNEL32 ref: 00DDC7FE
                                                                                                                                                                                    • SetEvent.KERNEL32 ref: 00DDC81F
                                                                                                                                                                                    • Sleep.KERNEL32(0000EA60), ref: 00DDC82A
                                                                                                                                                                                    • GetCurrentProcess.KERNEL32(../../third_party/crashpad/crashpad/client/crashpad_client_win.cc,000000AF,00000002), ref: 00DDC874
                                                                                                                                                                                    Strings
                                                                                                                                                                                    • crash server failed to launch, self-terminating, xrefs: 00DDC7D8
                                                                                                                                                                                    • ../../third_party/crashpad/crashpad/client/crashpad_client_win.cc, xrefs: 00DDC7C6, 00DDC84D
                                                                                                                                                                                    • crash server did not respond, self-terminating, xrefs: 00DDC85F
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000000C.00000002.2085338172.0000000000D61000.00000020.00000001.01000000.00000014.sdmp, Offset: 00D60000, based on PE: true
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085300221.0000000000D60000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085440415.0000000000EC7000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085440415.0000000000EF5000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085512444.0000000000F10000.00000008.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085542007.0000000000F11000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085566978.0000000000F1B000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_d60000_assistant_installer.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: Sleep$Current$EventProcessThread
                                                                                                                                                                                    • String ID: ../../third_party/crashpad/crashpad/client/crashpad_client_win.cc$crash server did not respond, self-terminating$crash server failed to launch, self-terminating
                                                                                                                                                                                    • API String ID: 1277712822-2636089577
                                                                                                                                                                                    • Opcode ID: 62029338c24eea3aeca9dd311ea4c7c80ea2a4bad68a11928b011625304fa6e3
                                                                                                                                                                                    • Instruction ID: 171266303a326e0357a3c87b5e1cb2f63e075cef9a659577d601451590a66468
                                                                                                                                                                                    • Opcode Fuzzy Hash: 62029338c24eea3aeca9dd311ea4c7c80ea2a4bad68a11928b011625304fa6e3
                                                                                                                                                                                    • Instruction Fuzzy Hash: AD214932B503196BEB20AB60EC06B9D37A5EB45710F054022F604FB3D2EB71A945DFA2
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • CreateFileW.KERNEL32(FFFFFFFF,FFFFFFFF,FFFFFFFF,00000000,00000000,FFFFFFFF,00000000,?,00000000), ref: 00DC4893
                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 00DC48A1
                                                                                                                                                                                    • SetLastError.KERNEL32(00000000), ref: 00DC48D8
                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 00DC48E8
                                                                                                                                                                                    • SetLastError.KERNEL32(00000057,?,00000000), ref: 00DC48FE
                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 00DC492F
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000000C.00000002.2085338172.0000000000D61000.00000020.00000001.01000000.00000014.sdmp, Offset: 00D60000, based on PE: true
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085300221.0000000000D60000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085440415.0000000000EC7000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085440415.0000000000EF5000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085512444.0000000000F10000.00000008.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085542007.0000000000F11000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085566978.0000000000F1B000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_d60000_assistant_installer.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: ErrorLast$CreateFile
                                                                                                                                                                                    • String ID: ../../base/files/file_win.cc$DoInitialize
                                                                                                                                                                                    • API String ID: 1722934493-2688016777
                                                                                                                                                                                    • Opcode ID: b380af3e141935c7e4c32a138278db874361a6375b23a27778672c3be44552d4
                                                                                                                                                                                    • Instruction ID: d0a53f699bfdddfa4141bbfc131ed92c8279082ed2b16754f25310ae8c88addc
                                                                                                                                                                                    • Opcode Fuzzy Hash: b380af3e141935c7e4c32a138278db874361a6375b23a27778672c3be44552d4
                                                                                                                                                                                    • Instruction Fuzzy Hash: D6512572E003619BEB108F28CC91B5AB7D1EFC5320F1A462DE98597281CBB4DD0187A2
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • MoveFileExW.KERNEL32(00D767D1,?,00000003,?,00000000), ref: 00DC3706
                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 00DC3716
                                                                                                                                                                                    • GetFileAttributesW.KERNEL32(00D767D1,?,00000000), ref: 00DC3782
                                                                                                                                                                                    • SetLastError.KERNEL32(?), ref: 00DC3839
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000000C.00000002.2085338172.0000000000D61000.00000020.00000001.01000000.00000014.sdmp, Offset: 00D60000, based on PE: true
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085300221.0000000000D60000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085440415.0000000000EC7000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085440415.0000000000EF5000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085512444.0000000000F10000.00000008.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085542007.0000000000F11000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085566978.0000000000F1B000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_d60000_assistant_installer.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: ErrorFileLast$AttributesMove
                                                                                                                                                                                    • String ID: ../../base/files/file_util_win.cc$CopyAndDeleteDirectory$DirectoryExists$MoveUnsafe
                                                                                                                                                                                    • API String ID: 3621388860-3041496909
                                                                                                                                                                                    • Opcode ID: deb71bf3f4f449d8633993a70e1125ea5d567ad47dbfd033d5a9ac420b019b08
                                                                                                                                                                                    • Instruction ID: d52ea59342309a5f9dff3b58ecb3797fa6923aab61164d85363521628e8cd349
                                                                                                                                                                                    • Opcode Fuzzy Hash: deb71bf3f4f449d8633993a70e1125ea5d567ad47dbfd033d5a9ac420b019b08
                                                                                                                                                                                    • Instruction Fuzzy Hash: 4151F471604381ABD3209B28CC46BBAB3A5FFD6724F10871DF5E5572C2DBB09646C7A2
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000000C.00000002.2085338172.0000000000D61000.00000020.00000001.01000000.00000014.sdmp, Offset: 00D60000, based on PE: true
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085300221.0000000000D60000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085440415.0000000000EC7000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085440415.0000000000EF5000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085512444.0000000000F10000.00000008.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085542007.0000000000F11000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085566978.0000000000F1B000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_d60000_assistant_installer.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: _strlen
                                                                                                                                                                                    • String ID: clean$path$values$wow6432
                                                                                                                                                                                    • API String ID: 4218353326-118893013
                                                                                                                                                                                    • Opcode ID: 208836c9f33dd068d6166412b3e2399ed87a6310c33003b98b458b39a58591be
                                                                                                                                                                                    • Instruction ID: 5302bf925532c8083665eb227ed1fa12964dfb4632391804d8b8bf5a1cc8b475
                                                                                                                                                                                    • Opcode Fuzzy Hash: 208836c9f33dd068d6166412b3e2399ed87a6310c33003b98b458b39a58591be
                                                                                                                                                                                    • Instruction Fuzzy Hash: 153196B1E002059BDF10FFA898469EFB7E9EF88310F150829F856A7352D631ED1587B1
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • GetModuleHandleW.KERNEL32(Advapi32.dll,?,00000000,?,?,00D7C6CA,?), ref: 00D7CFE0
                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,RegDeleteKeyTransactedW), ref: 00D7CFF0
                                                                                                                                                                                    • GetModuleHandleW.KERNEL32(Advapi32.dll,?,00000000,?,?,00D7C6CA,?), ref: 00D7D013
                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,RegDeleteKeyExW), ref: 00D7D023
                                                                                                                                                                                    • RegDeleteKeyW.ADVAPI32(?,?), ref: 00D7D05C
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000000C.00000002.2085338172.0000000000D61000.00000020.00000001.01000000.00000014.sdmp, Offset: 00D60000, based on PE: true
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085300221.0000000000D60000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085440415.0000000000EC7000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085440415.0000000000EF5000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085512444.0000000000F10000.00000008.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085542007.0000000000F11000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085566978.0000000000F1B000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_d60000_assistant_installer.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: AddressHandleModuleProc$Delete
                                                                                                                                                                                    • String ID: Advapi32.dll$RegDeleteKeyExW$RegDeleteKeyTransactedW
                                                                                                                                                                                    • API String ID: 2668475584-1053001802
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • MultiByteToWideChar.KERNEL32(00000000,00000000,00D62504,00D62506,00000000,00000000,CD5C2137,00000000,?,00000000,Function_0013BD70,00F0E718,000000FE,?,00D62504,WQL), ref: 00E992B9
                                                                                                                                                                                    • MultiByteToWideChar.KERNEL32(00000000,00000000,00D62504,?,00000000,00000000), ref: 00E99334
                                                                                                                                                                                    • SysAllocString.OLEAUT32(00000000), ref: 00E9933F
                                                                                                                                                                                    • _com_issue_error.COMSUPP ref: 00E99368
                                                                                                                                                                                    • _com_issue_error.COMSUPP ref: 00E99372
                                                                                                                                                                                    • GetLastError.KERNEL32(80070057,CD5C2137,00000000,?,00000000,Function_0013BD70,00F0E718,000000FE,?,00D62504,WQL), ref: 00E99377
                                                                                                                                                                                    • _com_issue_error.COMSUPP ref: 00E9938A
                                                                                                                                                                                    • GetLastError.KERNEL32(00000000,?,?,?,?,?,SELECT * FROM Win32_Process WHERE ExecutablePath = '), ref: 00E993A0
                                                                                                                                                                                    • _com_issue_error.COMSUPP ref: 00E993B3
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000000C.00000002.2085338172.0000000000D61000.00000020.00000001.01000000.00000014.sdmp, Offset: 00D60000, based on PE: true
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_d60000_assistant_installer.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: _com_issue_error$ByteCharErrorLastMultiWide$AllocString
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID: 1353541977-0
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • LoadLibraryExW.KERNEL32(api-ms-win-downlevel-shell32-l1-1-0.dll,00000000,00000800,?,?,?,?,?,?,?,?,00000000,05332E88), ref: 00DA4072
                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,CommandLineToArgvW), ref: 00DA4085
                                                                                                                                                                                    • CommandLineToArgvW.SHELL32(?,00000000,?,?,?,?,?,?,?,?,00000000,05332E88), ref: 00DA409F
                                                                                                                                                                                    • LocalFree.KERNEL32(00000000,?), ref: 00DA41C7
                                                                                                                                                                                    • FreeLibrary.KERNEL32(?), ref: 00DA41D5
                                                                                                                                                                                    Strings
                                                                                                                                                                                    • CommandLineToArgvW, xrefs: 00DA407F
                                                                                                                                                                                    • api-ms-win-downlevel-shell32-l1-1-0.dll, xrefs: 00DA406D
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000000C.00000002.2085338172.0000000000D61000.00000020.00000001.01000000.00000014.sdmp, Offset: 00D60000, based on PE: true
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_d60000_assistant_installer.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: FreeLibrary$AddressArgvCommandLineLoadLocalProc
                                                                                                                                                                                    • String ID: CommandLineToArgvW$api-ms-win-downlevel-shell32-l1-1-0.dll
                                                                                                                                                                                    • API String ID: 787947344-3353834106
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • _strncpy.LIBCMT ref: 00D6E6F1
                                                                                                                                                                                    • _strlen.LIBCMT ref: 00D6E738
                                                                                                                                                                                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00D6E7B7
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000000C.00000002.2085338172.0000000000D61000.00000020.00000001.01000000.00000014.sdmp, Offset: 00D60000, based on PE: true
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_d60000_assistant_installer.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@_strlen_strncpy
                                                                                                                                                                                    • String ID: %s%s %s$%s:%s$[%03u.%03u] $[printf format error]
                                                                                                                                                                                    • API String ID: 3471477319-1858063255
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000000C.00000002.2085338172.0000000000D61000.00000020.00000001.01000000.00000014.sdmp, Offset: 00D60000, based on PE: true
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_d60000_assistant_installer.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: _strlen
                                                                                                                                                                                    • String ID: has duplicate key $ requires KEY=VALUE$!#$, discarding value $../../third_party/crashpad/crashpad/handler/handler_main.cc
                                                                                                                                                                                    • API String ID: 4218353326-1788819352
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • CreateProcessW.KERNEL32 ref: 00D63D83
                                                                                                                                                                                    • GetLastError.KERNEL32(../../opera/desktop/windows/assistant/installer/assistant_installer.cc,000000FF,00000002), ref: 00D63DE6
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000000C.00000002.2085338172.0000000000D61000.00000020.00000001.01000000.00000014.sdmp, Offset: 00D60000, based on PE: true
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_d60000_assistant_installer.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: CreateErrorLastProcess
                                                                                                                                                                                    • String ID: ../../opera/desktop/windows/assistant/installer/assistant_installer.cc$CreateProcess failed w/err $D$Running Assistant$browser_assistant.exe
                                                                                                                                                                                    • API String ID: 2919029540-1647775276
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • RegisterWaitForSingleObject.KERNEL32(?,?,?,?,000000FF,00000000), ref: 00E5779F
                                                                                                                                                                                    • RegisterWaitForSingleObject.KERNEL32(00000000,?,?,?,000000FF,00000000), ref: 00E577FD
                                                                                                                                                                                    • RegisterWaitForSingleObject.KERNEL32(?,?,?,?,000000FF,00000008), ref: 00E57858
                                                                                                                                                                                    Strings
                                                                                                                                                                                    • ../../third_party/crashpad/crashpad/util/win/exception_handler_server.cc, xrefs: 00E577C6, 00E57824, 00E5787F
                                                                                                                                                                                    • RegisterWaitForSingleObject crash dump requested, xrefs: 00E577D8
                                                                                                                                                                                    • RegisterWaitForSingleObject process end, xrefs: 00E57891
                                                                                                                                                                                    • RegisterWaitForSingleObject non-crash dump requested, xrefs: 00E57836
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000000C.00000002.2085338172.0000000000D61000.00000020.00000001.01000000.00000014.sdmp, Offset: 00D60000, based on PE: true
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_d60000_assistant_installer.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: ObjectRegisterSingleWait
                                                                                                                                                                                    • String ID: ../../third_party/crashpad/crashpad/util/win/exception_handler_server.cc$RegisterWaitForSingleObject crash dump requested$RegisterWaitForSingleObject non-crash dump requested$RegisterWaitForSingleObject process end
                                                                                                                                                                                    • API String ID: 1092942010-4009962794
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • GetThreadId.KERNEL32(?), ref: 00DC6E4A
                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 00DC6E60
                                                                                                                                                                                    • WaitForSingleObject.KERNEL32(?,000000FF,?,00000000), ref: 00DC6F00
                                                                                                                                                                                    • CloseHandle.KERNEL32(?), ref: 00DC6F0D
                                                                                                                                                                                    • CloseHandle.KERNEL32(?,?), ref: 00DC6F46
                                                                                                                                                                                    Strings
                                                                                                                                                                                    • Join, xrefs: 00DC6EE1
                                                                                                                                                                                    • ../../base/threading/platform_thread_win.cc, xrefs: 00DC6EDC
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000000C.00000002.2085338172.0000000000D61000.00000020.00000001.01000000.00000014.sdmp, Offset: 00D60000, based on PE: true
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_d60000_assistant_installer.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: CloseHandle$ErrorLastObjectSingleThreadWait
                                                                                                                                                                                    • String ID: ../../base/threading/platform_thread_win.cc$Join
                                                                                                                                                                                    • API String ID: 2286813250-821740204
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • CreateFileW.KERNEL32 ref: 00DC3330
                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 00DC3341
                                                                                                                                                                                    • SetLastError.KERNEL32(00000000), ref: 00DC3357
                                                                                                                                                                                    • WriteFile.KERNEL32(00000000,?,?,?,00000000), ref: 00DC3370
                                                                                                                                                                                    • SetLastError.KERNEL32(00000000), ref: 00DC339B
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000000C.00000002.2085338172.0000000000D61000.00000020.00000001.01000000.00000014.sdmp, Offset: 00D60000, based on PE: true
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_d60000_assistant_installer.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: ErrorLast$File$CreateWrite
                                                                                                                                                                                    • String ID: ../../base/files/file_util_win.cc$WriteFile
                                                                                                                                                                                    • API String ID: 148983963-2054578350
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • GetFileAttributesW.KERNEL32(00D63FCC,?,00000000), ref: 00DC2430
                                                                                                                                                                                    • CreateFileW.KERNEL32(00D63FCC,00D63FCC,00000007,00000000,00000003,02000000,00000000), ref: 00DC2459
                                                                                                                                                                                    • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,-7FFFFFFF), ref: 00DC2465
                                                                                                                                                                                    • SetLastError.KERNEL32(00000000), ref: 00DC2478
                                                                                                                                                                                    • SetLastError.KERNEL32(00000000), ref: 00DC2491
                                                                                                                                                                                    Strings
                                                                                                                                                                                    • PathHasAccess, xrefs: 00DC240D
                                                                                                                                                                                    • ../../base/files/file_util_win.cc, xrefs: 00DC2408
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000000C.00000002.2085338172.0000000000D61000.00000020.00000001.01000000.00000014.sdmp, Offset: 00D60000, based on PE: true
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_d60000_assistant_installer.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: ErrorLast$File$AttributesCreate
                                                                                                                                                                                    • String ID: ../../base/files/file_util_win.cc$PathHasAccess
                                                                                                                                                                                    • API String ID: 3969751566-2396493888
                                                                                                                                                                                    • Opcode ID: 00e1bf9b5b947678ae4b8a5921cb4c774b5367401f8f113e2d744a7e5d85c30c
                                                                                                                                                                                    • Instruction ID: 74c331bd5eb5e9af464c4a74d899aff92919adead0efe1e2ced706aed95d7a81
                                                                                                                                                                                    • Opcode Fuzzy Hash: 00e1bf9b5b947678ae4b8a5921cb4c774b5367401f8f113e2d744a7e5d85c30c
                                                                                                                                                                                    • Instruction Fuzzy Hash: B32138715043456BD710AB38DC86B7A7768EFD6730F10071DF9A5A71C1EF64980686A2
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • __Init_thread_header.LIBCMT ref: 00DC848D
                                                                                                                                                                                    • GetModuleHandleW.KERNEL32(kernel32.dll,?,?,00DAA24E,00000004,?), ref: 00DC84AF
                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,GetProcessMitigationPolicy), ref: 00DC84BB
                                                                                                                                                                                    • GetCurrentProcess.KERNEL32 ref: 00DC84CE
                                                                                                                                                                                    • __Init_thread_footer.LIBCMT ref: 00DC84F9
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000000C.00000002.2085338172.0000000000D61000.00000020.00000001.01000000.00000014.sdmp, Offset: 00D60000, based on PE: true
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085300221.0000000000D60000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085440415.0000000000EC7000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085440415.0000000000EF5000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085512444.0000000000F10000.00000008.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085542007.0000000000F11000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085566978.0000000000F1B000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_d60000_assistant_installer.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: AddressCurrentHandleInit_thread_footerInit_thread_headerModuleProcProcess
                                                                                                                                                                                    • String ID: GetProcessMitigationPolicy$kernel32.dll
                                                                                                                                                                                    • API String ID: 3099737979-1680159014
                                                                                                                                                                                    • Opcode ID: 6556ea365068e87a316395347f673e32a64404ded5d44e49deb55fe04cfa3b5b
                                                                                                                                                                                    • Instruction ID: dbaa9c25a5d8ebff4c1f274dc746a9a71fc6694fb71ea4f1c2eda011f7eac1ea
                                                                                                                                                                                    • Opcode Fuzzy Hash: 6556ea365068e87a316395347f673e32a64404ded5d44e49deb55fe04cfa3b5b
                                                                                                                                                                                    • Instruction Fuzzy Hash: 6A115770A8120A5FD7149BB8ED56FE977A5FB51314F09402CE501A3281CE31A801A7A2
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • FreeSid.ADVAPI32(00000000), ref: 00D810A2
                                                                                                                                                                                    • SetEntriesInAclW.ADVAPI32(00000001,?,?,00000000), ref: 00D810BD
                                                                                                                                                                                    • LocalFree.KERNEL32(?), ref: 00D810D1
                                                                                                                                                                                    • SetNamedSecurityInfoW.ADVAPI32 ref: 00D81133
                                                                                                                                                                                    • FreeSid.ADVAPI32(?), ref: 00D81189
                                                                                                                                                                                    • LocalFree.KERNEL32(?), ref: 00D811B1
                                                                                                                                                                                    • AllocateAndInitializeSid.ADVAPI32(?,?,?,?,?,?,?,?,?,?,?,00000004,?,?,00D80DE5), ref: 00D8122C
                                                                                                                                                                                      • Part of subcall function 00D81273: AllocateAndInitializeSid.ADVAPI32(?,?,?,?,?,?,?,?,?,?,?,00000004,?,?,00D80DA3), ref: 00D812C3
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000000C.00000002.2085338172.0000000000D61000.00000020.00000001.01000000.00000014.sdmp, Offset: 00D60000, based on PE: true
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085300221.0000000000D60000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085440415.0000000000EC7000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085440415.0000000000EF5000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085512444.0000000000F10000.00000008.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085542007.0000000000F11000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085566978.0000000000F1B000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_d60000_assistant_installer.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: Free$AllocateInitializeLocal$EntriesInfoNamedSecurity
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID: 1499235685-0
                                                                                                                                                                                    • Opcode ID: e7f4702a94b971f021b30b78ec06cb50c32c78de23c8c1b2b332192585869928
                                                                                                                                                                                    • Instruction ID: 5cf0931fb6731500ba22f1bba660f80cb85fb8d425c0aeb8a3fea1b4d3715a2a
                                                                                                                                                                                    • Opcode Fuzzy Hash: e7f4702a94b971f021b30b78ec06cb50c32c78de23c8c1b2b332192585869928
                                                                                                                                                                                    • Instruction Fuzzy Hash: 81B19F75A083418FC710EF68C98562FFBE9BF88710F058A2DF98597250D771E989CB62
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • GetCurrentProcess.KERNEL32 ref: 00D800FC
                                                                                                                                                                                    • OpenProcessToken.ADVAPI32(00000000,0000000A,?), ref: 00D80106
                                                                                                                                                                                      • Part of subcall function 00D71B9C: GetLastError.KERNEL32(00000000,?,-00000001,?,00D712C9,00000000), ref: 00D71BAB
                                                                                                                                                                                      • Part of subcall function 00D71B9C: SetLastError.KERNEL32(00000000,?,00D712C9,00000000), ref: 00D71BCA
                                                                                                                                                                                    • GetTokenInformation.ADVAPI32(?,00000012(TokenIntegrityLevel),?,00000004,?,?), ref: 00D8014E
                                                                                                                                                                                    • GetTokenInformation.ADVAPI32(?,00000013(TokenIntegrityLevel),?,00000004,?), ref: 00D80174
                                                                                                                                                                                    • DuplicateToken.ADVAPI32(?,00000001,?,?), ref: 00D80193
                                                                                                                                                                                    • AllocateAndInitializeSid.ADVAPI32 ref: 00D801F1
                                                                                                                                                                                    • CheckTokenMembership.ADVAPI32(?,?,?), ref: 00D80208
                                                                                                                                                                                    • FreeSid.ADVAPI32(?), ref: 00D8021C
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000000C.00000002.2085338172.0000000000D61000.00000020.00000001.01000000.00000014.sdmp, Offset: 00D60000, based on PE: true
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085300221.0000000000D60000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085440415.0000000000EC7000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085440415.0000000000EF5000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085512444.0000000000F10000.00000008.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085542007.0000000000F11000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085566978.0000000000F1B000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_d60000_assistant_installer.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: Token$ErrorInformationLastProcess$AllocateCheckCurrentDuplicateFreeInitializeMembershipOpen
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID: 3176607045-0
                                                                                                                                                                                    • Opcode ID: 628325d036fa7907a864ff6cc5b53dc619526281c45255e55d91e8d156c4db71
                                                                                                                                                                                    • Instruction ID: 080081dbd9fe3ee32b4a19ad5f61b1473f174cafbab9d830ac9e193082f1d135
                                                                                                                                                                                    • Opcode Fuzzy Hash: 628325d036fa7907a864ff6cc5b53dc619526281c45255e55d91e8d156c4db71
                                                                                                                                                                                    • Instruction Fuzzy Hash: 6341B271900309DFDB10AFA5CD49AEEBBB8FF49710F004129E501B61A0EB359949CB30
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • GetDesktopWindow.USER32 ref: 00D84AE8
                                                                                                                                                                                    • FindWindowExW.USER32(00000000,00000000,ApplicationFrameWindow,00000000), ref: 00D84AF6
                                                                                                                                                                                    • GetDesktopWindow.USER32 ref: 00D84BB5
                                                                                                                                                                                    • FindWindowExW.USER32(00000000,?,ApplicationFrameWindow,00000000), ref: 00D84BC4
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000000C.00000002.2085338172.0000000000D61000.00000020.00000001.01000000.00000014.sdmp, Offset: 00D60000, based on PE: true
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085300221.0000000000D60000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085440415.0000000000EC7000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085440415.0000000000EF5000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085512444.0000000000F10000.00000008.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085542007.0000000000F11000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085566978.0000000000F1B000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_d60000_assistant_installer.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: Window$DesktopFind
                                                                                                                                                                                    • String ID: ApplicationFrameWindow$http
                                                                                                                                                                                    • API String ID: 2454690640-1697478608
                                                                                                                                                                                    • Opcode ID: 5bb0f35abcb546bbba3e0b1eec26ca5a64b433eb2946a5260059faa4775f5a03
                                                                                                                                                                                    • Instruction ID: 12c2451c6ba8252b6773cebae5137407e044773b2f12a7a04cd03ffa5e35b773
                                                                                                                                                                                    • Opcode Fuzzy Hash: 5bb0f35abcb546bbba3e0b1eec26ca5a64b433eb2946a5260059faa4775f5a03
                                                                                                                                                                                    • Instruction Fuzzy Hash: DD8193B1E0130A9FDF14EFA8D881AAEBBF5EF54310F154429E815A7341DB70AA15CBB1
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • GetCurrentProcessId.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 00E20B68
                                                                                                                                                                                    • OpenProcess.KERNEL32(00000451,00000001,00000000), ref: 00E20B76
                                                                                                                                                                                      • Part of subcall function 00D71B9C: GetLastError.KERNEL32(00000000,?,-00000001,?,00D712C9,00000000), ref: 00D71BAB
                                                                                                                                                                                      • Part of subcall function 00D71B9C: SetLastError.KERNEL32(00000000,?,00D712C9,00000000), ref: 00D71BCA
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000000C.00000002.2085338172.0000000000D61000.00000020.00000001.01000000.00000014.sdmp, Offset: 00D60000, based on PE: true
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085300221.0000000000D60000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085440415.0000000000EC7000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085440415.0000000000EF5000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085512444.0000000000F10000.00000008.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085542007.0000000000F11000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085566978.0000000000F1B000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_d60000_assistant_installer.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: ErrorLastProcess$CurrentOpen
                                                                                                                                                                                    • String ID: --thread=$database$exception-pointers$process
                                                                                                                                                                                    • API String ID: 4145867261-852626237
                                                                                                                                                                                    • Opcode ID: 80eb06d33765656073f78ef09dc7f71c4bfe55513a760232d9b42ced2a6270d6
                                                                                                                                                                                    • Instruction ID: 6bd603d25f8a8317bd35acec9b8e9214757f1680a72f7ca2f074aa54fa36ff74
                                                                                                                                                                                    • Opcode Fuzzy Hash: 80eb06d33765656073f78ef09dc7f71c4bfe55513a760232d9b42ced2a6270d6
                                                                                                                                                                                    • Instruction Fuzzy Hash: D751E2B1508305AFDB11EF64D882AAFB7E5EF94314F00492DF0C5A2192EB71E649C7A3
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • CreateFileMappingW.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,?,00000000), ref: 00DC4CCF
                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 00DC4CE2
                                                                                                                                                                                    • SetLastError.KERNEL32(00000000), ref: 00DC4D1D
                                                                                                                                                                                    • MapViewOfFile.KERNEL32(?,?,?,?,?), ref: 00DC4DF9
                                                                                                                                                                                    Strings
                                                                                                                                                                                    • ../../base/files/memory_mapped_file_win.cc, xrefs: 00DC4C55
                                                                                                                                                                                    • MapFileRegionToMemory, xrefs: 00DC4C5A
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000000C.00000002.2085338172.0000000000D61000.00000020.00000001.01000000.00000014.sdmp, Offset: 00D60000, based on PE: true
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085300221.0000000000D60000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085440415.0000000000EC7000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085440415.0000000000EF5000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085512444.0000000000F10000.00000008.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085542007.0000000000F11000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085566978.0000000000F1B000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_d60000_assistant_installer.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: ErrorFileLast$CreateMappingView
                                                                                                                                                                                    • String ID: ../../base/files/memory_mapped_file_win.cc$MapFileRegionToMemory
                                                                                                                                                                                    • API String ID: 2231327692-1672964651
                                                                                                                                                                                    • Opcode ID: 5bd264aa3fb8a7fedf1fdf3946ed16af156946f3269e43be310adc221f660d12
                                                                                                                                                                                    • Instruction ID: 14cc15bf3dee42bc20712474ad6c317a4f58d7ddfe49c72c56346fa81cfc6cc5
                                                                                                                                                                                    • Opcode Fuzzy Hash: 5bd264aa3fb8a7fedf1fdf3946ed16af156946f3269e43be310adc221f660d12
                                                                                                                                                                                    • Instruction Fuzzy Hash: 9951DF71604342ABD710EF24C8A1B6BB7F6FBC5710F148A2EF58697291DB74E805CB62
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • CharNextW.USER32(?,00000000,75BFA7D0,?,00000000,?,80004005), ref: 00D7BB07
                                                                                                                                                                                    • CharNextW.USER32(?,00000000,75BFA7D0,?,00000000,?,80004005), ref: 00D7BB1D
                                                                                                                                                                                    • CharNextW.USER32(00000000,?,00000000,75BFA7D0), ref: 00D7BB44
                                                                                                                                                                                    • CharNextW.USER32(00000000,?,00000000,75BFA7D0), ref: 00D7BB60
                                                                                                                                                                                    • CharNextW.USER32(00000000,?,00000000,75BFA7D0), ref: 00D7BB6B
                                                                                                                                                                                    • CharNextW.USER32(?,00000000,75BFA7D0,?,00000000,?,80004005), ref: 00D7BBEB
                                                                                                                                                                                    • CharNextW.USER32(?,?,00000000,75BFA7D0), ref: 00D7BC53
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000000C.00000002.2085338172.0000000000D61000.00000020.00000001.01000000.00000014.sdmp, Offset: 00D60000, based on PE: true
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085300221.0000000000D60000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085440415.0000000000EC7000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085440415.0000000000EF5000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085512444.0000000000F10000.00000008.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085542007.0000000000F11000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085566978.0000000000F1B000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_d60000_assistant_installer.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: CharNext
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID: 3213498283-0
                                                                                                                                                                                    • Opcode ID: 2fd8c0ed92808702ec3bf986366cbb80f6e86222e0828c77bb8b497db94bb853
                                                                                                                                                                                    • Instruction ID: 396a75fb1a8e537cea45dde29c36f1ae5e6a657401e62645fc9f49deadd34293
                                                                                                                                                                                    • Opcode Fuzzy Hash: 2fd8c0ed92808702ec3bf986366cbb80f6e86222e0828c77bb8b497db94bb853
                                                                                                                                                                                    • Instruction Fuzzy Hash: 1841927460020A9FCB249F68C894B79B7F2FF94365B24C42EE8CAC7264FB745D419B61
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • _ValidateLocalCookies.LIBCMT ref: 00E9BDA7
                                                                                                                                                                                    • ___except_validate_context_record.LIBVCRUNTIME ref: 00E9BDAF
                                                                                                                                                                                    • _ValidateLocalCookies.LIBCMT ref: 00E9BE38
                                                                                                                                                                                    • __IsNonwritableInCurrentImage.LIBCMT ref: 00E9BE63
                                                                                                                                                                                    • _ValidateLocalCookies.LIBCMT ref: 00E9BEB8
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000000C.00000002.2085338172.0000000000D61000.00000020.00000001.01000000.00000014.sdmp, Offset: 00D60000, based on PE: true
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085300221.0000000000D60000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085440415.0000000000EC7000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085440415.0000000000EF5000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085512444.0000000000F10000.00000008.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085542007.0000000000F11000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085566978.0000000000F1B000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_d60000_assistant_installer.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                                                                                                                                                                                    • String ID: csm
                                                                                                                                                                                    • API String ID: 1170836740-1018135373
                                                                                                                                                                                    • Opcode ID: d6466147d173962147507282d56d42996dd77b9027fdbbf8653fcbd03b97fd81
                                                                                                                                                                                    • Instruction ID: d8a7b6933a9ff74ca64193bde962f1a6f29c78924a98a0f96f6d92cac06461c0
                                                                                                                                                                                    • Opcode Fuzzy Hash: d6466147d173962147507282d56d42996dd77b9027fdbbf8653fcbd03b97fd81
                                                                                                                                                                                    • Instruction Fuzzy Hash: B241B034A0021CABCF10DF68D981AEEBBF9EF44328F149095E914BB352D7319E11CB91
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • TryAcquireSRWLockExclusive.KERNEL32(00000000,Y0,Y0,CD5C2137,?,?,?,?,00E33059,00EDC218), ref: 00DAD021
                                                                                                                                                                                    • ReleaseSRWLockExclusive.KERNEL32(00000000,?,?,?,?,00E33059,00EDC218), ref: 00DAD032
                                                                                                                                                                                    • ReleaseSRWLockExclusive.KERNEL32(00000000,?,?,?,?,00E33059,00EDC218), ref: 00DAD09A
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000000C.00000002.2085338172.0000000000D61000.00000020.00000001.01000000.00000014.sdmp, Offset: 00D60000, based on PE: true
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085300221.0000000000D60000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085440415.0000000000EC7000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085440415.0000000000EF5000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085512444.0000000000F10000.00000008.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085542007.0000000000F11000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085566978.0000000000F1B000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_d60000_assistant_installer.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: ExclusiveLock$Release$Acquire
                                                                                                                                                                                    • String ID: ../../base/metrics/field_trial.cc$NotifyFieldTrialGroupSelection$Y0
                                                                                                                                                                                    • API String ID: 1021914862-1149224351
                                                                                                                                                                                    • Opcode ID: 8d1dbbb1d40557205adb96c59b282cee028845840a64796bf4ea2b94cf5628e0
                                                                                                                                                                                    • Instruction ID: 12389f82a6509268933d8c7c50dc3618a064f0c400d7b74745cf15ae87a9e2e6
                                                                                                                                                                                    • Opcode Fuzzy Hash: 8d1dbbb1d40557205adb96c59b282cee028845840a64796bf4ea2b94cf5628e0
                                                                                                                                                                                    • Instruction Fuzzy Hash: 1231DFB0E00258AFDF259F60D885FAE3BB9AB4A304F080049F8066B642D775A946C7B1
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • CreateThread.KERNEL32(00000000,00100000,00DC7020,00000000,00010000,00000000), ref: 00DC6D0B
                                                                                                                                                                                    • GetLastError.KERNEL32(?,?,?), ref: 00DC6D22
                                                                                                                                                                                    • CloseHandle.KERNEL32(00000000,?,?,?), ref: 00DC6D4E
                                                                                                                                                                                    • __Init_thread_header.LIBCMT ref: 00DC6DD2
                                                                                                                                                                                    • __Init_thread_footer.LIBCMT ref: 00DC6DFC
                                                                                                                                                                                    Strings
                                                                                                                                                                                    • create_thread_last_error, xrefs: 00DC6DE5
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000000C.00000002.2085338172.0000000000D61000.00000020.00000001.01000000.00000014.sdmp, Offset: 00D60000, based on PE: true
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085300221.0000000000D60000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085440415.0000000000EC7000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085440415.0000000000EF5000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085512444.0000000000F10000.00000008.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085542007.0000000000F11000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085566978.0000000000F1B000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_d60000_assistant_installer.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: CloseCreateErrorHandleInit_thread_footerInit_thread_headerLastThread
                                                                                                                                                                                    • String ID: create_thread_last_error
                                                                                                                                                                                    • API String ID: 1016829980-3219933969
                                                                                                                                                                                    • Opcode ID: 979bc4c77c55725fca7d9b65b3ad98d9b737e652136a935b44ad96f87b091567
                                                                                                                                                                                    • Instruction ID: f5e7cd92e5f2a172919c332b2406ead97edc717c53327e77a690dd29c9516acb
                                                                                                                                                                                    • Opcode Fuzzy Hash: 979bc4c77c55725fca7d9b65b3ad98d9b737e652136a935b44ad96f87b091567
                                                                                                                                                                                    • Instruction Fuzzy Hash: CA31E9B1B0420A9BDB119FA8DC95FAE77A4EB45710F09403DF806A7252D631EC45A7B2
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000000C.00000002.2085338172.0000000000D61000.00000020.00000001.01000000.00000014.sdmp, Offset: 00D60000, based on PE: true
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085300221.0000000000D60000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085440415.0000000000EC7000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085440415.0000000000EF5000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085512444.0000000000F10000.00000008.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085542007.0000000000F11000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085566978.0000000000F1B000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_d60000_assistant_installer.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: _strlen
                                                                                                                                                                                    • String ID: data$name$type
                                                                                                                                                                                    • API String ID: 4218353326-3295437529
                                                                                                                                                                                    • Opcode ID: 8979c7608804dd30537e264fb79fe6d34f20481c9692502416a84ae92da2bc9f
                                                                                                                                                                                    • Instruction ID: 69d477c5fdd03863b6d9ad54b77648b66d2306b8d044f361a754307767e7580f
                                                                                                                                                                                    • Opcode Fuzzy Hash: 8979c7608804dd30537e264fb79fe6d34f20481c9692502416a84ae92da2bc9f
                                                                                                                                                                                    • Instruction Fuzzy Hash: 093150B1E042559BCF04EF6898969ABBBB9EF4831071544A9F806FB342D631DD11CBF1
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • LoadLibraryExW.KERNEL32(?,00000000,00000060), ref: 00D7B461
                                                                                                                                                                                    • LoadLibraryExW.KERNEL32(?,00000000,00000002), ref: 00D7B472
                                                                                                                                                                                      • Part of subcall function 00D7B14F: GetLastError.KERNEL32(?,00D7B513), ref: 00D7B152
                                                                                                                                                                                    • FindResourceW.KERNEL32(00000000,?,?), ref: 00D7B489
                                                                                                                                                                                    • LoadResource.KERNEL32(00000000,00000000), ref: 00D7B497
                                                                                                                                                                                    • SizeofResource.KERNEL32(00000000,00000000), ref: 00D7B4A9
                                                                                                                                                                                    • MultiByteToWideChar.KERNEL32(00000003,00000000,?,00000000,?,00000000,00000001), ref: 00D7B4E1
                                                                                                                                                                                    • FreeLibrary.KERNEL32(00000000), ref: 00D7B516
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000000C.00000002.2085338172.0000000000D61000.00000020.00000001.01000000.00000014.sdmp, Offset: 00D60000, based on PE: true
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085300221.0000000000D60000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085440415.0000000000EC7000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085440415.0000000000EF5000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085512444.0000000000F10000.00000008.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085542007.0000000000F11000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085566978.0000000000F1B000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_d60000_assistant_installer.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: LibraryLoadResource$ByteCharErrorFindFreeLastMultiSizeofWide
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID: 3178495524-0
                                                                                                                                                                                    • Opcode ID: d105ac6b97afb1625f7c1d9de123cec73ea2a04b94b675b6c1a9febcc2b42834
                                                                                                                                                                                    • Instruction ID: f73f97619f426313535f4db14481d47970b97a8acbced659a8db88cc911fec69
                                                                                                                                                                                    • Opcode Fuzzy Hash: d105ac6b97afb1625f7c1d9de123cec73ea2a04b94b675b6c1a9febcc2b42834
                                                                                                                                                                                    • Instruction Fuzzy Hash: 983181B1A0021DABDB209B24DC45BEA77B9EF84324F14C066F90997281EB30CE81CB75
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • _strlen.LIBCMT ref: 00D879A6
                                                                                                                                                                                    • _strlen.LIBCMT ref: 00D87A03
                                                                                                                                                                                    • _strlen.LIBCMT ref: 00D87A30
                                                                                                                                                                                      • Part of subcall function 00D87C46: _strlen.LIBCMT ref: 00D87C88
                                                                                                                                                                                      • Part of subcall function 00D87C46: _strlen.LIBCMT ref: 00D87CAE
                                                                                                                                                                                      • Part of subcall function 00D87C46: _strlen.LIBCMT ref: 00D87CF2
                                                                                                                                                                                      • Part of subcall function 00D87C46: _strlen.LIBCMT ref: 00D87D29
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000000C.00000002.2085338172.0000000000D61000.00000020.00000001.01000000.00000014.sdmp, Offset: 00D60000, based on PE: true
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085300221.0000000000D60000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085440415.0000000000EC7000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085440415.0000000000EF5000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085512444.0000000000F10000.00000008.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085542007.0000000000F11000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085566978.0000000000F1B000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_d60000_assistant_installer.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: _strlen
                                                                                                                                                                                    • String ID: HKCU$HKLM$registry
                                                                                                                                                                                    • API String ID: 4218353326-714459249
                                                                                                                                                                                    • Opcode ID: 0b31ef5f6b59691b85393d1b0a3c95b7aacd3dc4f018bd4e32eb500034ebd488
                                                                                                                                                                                    • Instruction ID: 61b613b914cb47f3e589d590c845eec1da7078fb98cd01e3d2cbd078478ba036
                                                                                                                                                                                    • Opcode Fuzzy Hash: 0b31ef5f6b59691b85393d1b0a3c95b7aacd3dc4f018bd4e32eb500034ebd488
                                                                                                                                                                                    • Instruction Fuzzy Hash: 663186F1E002159BDF04EF7898869AEB7F5EB44310F154839E85AA7342E630AD1487F2
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • CreateEventW.KERNEL32(?,?,?,?,00DC7DF6,CD5C2137,CD5C2137), ref: 00DC754E
                                                                                                                                                                                    • GetLastError.KERNEL32(?,?,?,?,00DC7DF6,CD5C2137,CD5C2137), ref: 00DC755B
                                                                                                                                                                                    • SetLastError.KERNEL32(00000000,?,?,?,?,00DC7DF6,CD5C2137,CD5C2137), ref: 00DC7598
                                                                                                                                                                                      • Part of subcall function 00DC8370: GetHandleVerifier.ASSISTANT_INSTALLER(?,?,00DC631A,?,00000000,?,00F14CF8,?,?,?,?,00DC648D,00000000), ref: 00DC8377
                                                                                                                                                                                    • RegNotifyChangeKeyValue.ADVAPI32(-0000000C,00000001,0000000F,?,00000001,00DC7DF6,CD5C2137,CD5C2137), ref: 00DC75D7
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000000C.00000002.2085338172.0000000000D61000.00000020.00000001.01000000.00000014.sdmp, Offset: 00D60000, based on PE: true
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085300221.0000000000D60000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085440415.0000000000EC7000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085440415.0000000000EF5000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085512444.0000000000F10000.00000008.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085542007.0000000000F11000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085566978.0000000000F1B000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_d60000_assistant_installer.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: ErrorLast$ChangeCreateEventHandleNotifyValueVerifier
                                                                                                                                                                                    • String ID: ../../base/win/registry.cc$StartWatching
                                                                                                                                                                                    • API String ID: 2078779793-73839631
                                                                                                                                                                                    • Opcode ID: 04870e4c560dc05566e95caa8a9048f7ae0977fe83551a8821e31e840bcff76a
                                                                                                                                                                                    • Instruction ID: 2ed10f45974fa27c3e2939207290bea0a629afc423b36f40771d41f4f1da44f6
                                                                                                                                                                                    • Opcode Fuzzy Hash: 04870e4c560dc05566e95caa8a9048f7ae0977fe83551a8821e31e840bcff76a
                                                                                                                                                                                    • Instruction Fuzzy Hash: BB31D2716003099BCB20AF64CD82FABB7A9FF05714F04482DF54A97252DB35E80ACB71
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • CreateFileMappingW.KERNEL32 ref: 00DC4B50
                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 00DC4B5D
                                                                                                                                                                                    • SetLastError.KERNEL32(00000000), ref: 00DC4B9A
                                                                                                                                                                                      • Part of subcall function 00DC8370: GetHandleVerifier.ASSISTANT_INSTALLER(?,?,00DC631A,?,00000000,?,00F14CF8,?,?,?,?,00DC648D,00000000), ref: 00DC8377
                                                                                                                                                                                    • MapViewOfFile.KERNEL32 ref: 00DC4BE1
                                                                                                                                                                                    Strings
                                                                                                                                                                                    • ../../base/files/memory_mapped_file_win.cc, xrefs: 00DC4B03
                                                                                                                                                                                    • MapImageToMemory, xrefs: 00DC4B08
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000000C.00000002.2085338172.0000000000D61000.00000020.00000001.01000000.00000014.sdmp, Offset: 00D60000, based on PE: true
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085300221.0000000000D60000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085440415.0000000000EC7000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085440415.0000000000EF5000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085512444.0000000000F10000.00000008.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085542007.0000000000F11000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085566978.0000000000F1B000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_d60000_assistant_installer.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: ErrorFileLast$CreateHandleMappingVerifierView
                                                                                                                                                                                    • String ID: ../../base/files/memory_mapped_file_win.cc$MapImageToMemory
                                                                                                                                                                                    • API String ID: 1014098455-1841746395
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • __Init_thread_header.LIBCMT ref: 00DC856A
                                                                                                                                                                                    • GetVersionExW.KERNEL32(0000011C), ref: 00DC859C
                                                                                                                                                                                    • GetProductInfo.KERNEL32(?,?,00000000,00000000,00000000), ref: 00DC85BB
                                                                                                                                                                                    • __Init_thread_footer.LIBCMT ref: 00DC8607
                                                                                                                                                                                    • __Init_thread_header.LIBCMT ref: 00DC8619
                                                                                                                                                                                      • Part of subcall function 00E994E7: EnterCriticalSection.KERNEL32(00F14FC0,?,?,?,00DFEFCF,00F15134,?,?,?,?,00DFEBD1,00000000,00000000), ref: 00E994F2
                                                                                                                                                                                      • Part of subcall function 00E994E7: LeaveCriticalSection.KERNEL32(00F14FC0,?,?,?,00DFEFCF,00F15134,?,?,?,?,00DFEBD1,00000000,00000000), ref: 00E9952F
                                                                                                                                                                                    • GetNativeSystemInfo.KERNEL32(?), ref: 00DC8644
                                                                                                                                                                                    • __Init_thread_footer.LIBCMT ref: 00DC8670
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: CriticalInfoInit_thread_footerInit_thread_headerSection$EnterLeaveNativeProductSystemVersion
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID: 2982442099-0
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • AllocateAndInitializeSid.ADVAPI32 ref: 00D696E0
                                                                                                                                                                                    • GetNamedSecurityInfoW.ADVAPI32 ref: 00D69740
                                                                                                                                                                                    • BuildTrusteeWithSidW.ADVAPI32 ref: 00D69778
                                                                                                                                                                                    • SetEntriesInAclW.ADVAPI32 ref: 00D697A0
                                                                                                                                                                                    • SetNamedSecurityInfoW.ADVAPI32 ref: 00D697CC
                                                                                                                                                                                    • LocalFree.KERNEL32 ref: 00D697DC
                                                                                                                                                                                    • LocalFree.KERNEL32 ref: 00D697EC
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: FreeInfoLocalNamedSecurity$AllocateBuildEntriesInitializeTrusteeWith
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID: 617183956-0
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    Strings
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID:
                                                                                                                                                                                    • String ID: api-ms-$ext-ms-
                                                                                                                                                                                    • API String ID: 0-537541572
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                      • Part of subcall function 00D6CC90: _strlen.LIBCMT ref: 00D6CD83
                                                                                                                                                                                      • Part of subcall function 00EAD9B4: IsProcessorFeaturePresent.KERNEL32(00000017,00EB6F16,?,00EAC03F,?,?,?,00000000,?,?,00D6CEDF,?,?,?,00D9EE62,?), ref: 00EAD9D0
                                                                                                                                                                                    • GetModuleHandleA.KERNEL32(ntdll.dll), ref: 00D6D098
                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,RtlCaptureStackBackTrace), ref: 00D6D0A4
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: AddressFeatureHandleModulePresentProcProcessor_strlen
                                                                                                                                                                                    • String ID: Bad variant access$RtlCaptureStackBackTrace$bad_variant_access.cc$ntdll.dll
                                                                                                                                                                                    • API String ID: 1358637221-3051016021
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • GetConsoleOutputCP.KERNEL32(?,00000000,?), ref: 00EB09EC
                                                                                                                                                                                    • __fassign.LIBCMT ref: 00EB0BD1
                                                                                                                                                                                    • __fassign.LIBCMT ref: 00EB0BEE
                                                                                                                                                                                    • WriteFile.KERNEL32(?,00000000,00000000,?,00000000,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00EB0C36
                                                                                                                                                                                    • WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 00EB0C76
                                                                                                                                                                                    • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000), ref: 00EB0D1E
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000000C.00000002.2085338172.0000000000D61000.00000020.00000001.01000000.00000014.sdmp, Offset: 00D60000, based on PE: true
• Associated: 0000000C.00000002.2085300221.0000000000D60000.00000002.00000001.01000000.00000014.sdmp
• Associated: 0000000C.00000002.2085440415.0000000000EC7000.00000002.00000001.01000000.00000014.sdmp
• Associated: 0000000C.00000002.2085440415.0000000000EF5000.00000002.00000001.01000000.00000014.sdmp
• Associated: 0000000C.00000002.2085512444.0000000000F10000.00000008.00000001.01000000.00000014.sdmp
• Associated: 0000000C.00000002.2085542007.0000000000F11000.00000004.00000001.01000000.00000014.sdmp
• Associated: 0000000C.00000002.2085566978.0000000000F1B000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: FileWrite__fassign$ConsoleErrorLastOutput
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID: 1735259414-0
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID:
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • TryAcquireSRWLockExclusive.KERNEL32(?), ref: 00DCDDEC
                                                                                                                                                                                    • ReleaseSRWLockExclusive.KERNEL32(?), ref: 00DCE3CE
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: ExclusiveLock$AcquireRelease
                                                                                                                                                                                    • String ID: T/$l$z
                                                                                                                                                                                    • API String ID: 17069307-4240480437
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • GetCurrentProcess.KERNEL32 ref: 00D80305
                                                                                                                                                                                    • OpenProcessToken.ADVAPI32(00000000,0000000A,?), ref: 00D8030F
                                                                                                                                                                                    • DuplicateToken.ADVAPI32(?,00000001,?,?), ref: 00D80338
                                                                                                                                                                                    • GetNamedSecurityInfoW.ADVAPI32 ref: 00D80387
                                                                                                                                                                                    • AccessCheck.ADVAPI32(?,?,?,?,?,?,?,?), ref: 00D803B5
                                                                                                                                                                                    • LocalFree.KERNEL32(00000000), ref: 00D803EC
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: ProcessToken$AccessCheckCurrentDuplicateFreeInfoLocalNamedOpenSecurity
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID: 1559206406-0
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • TryAcquireSRWLockExclusive.KERNEL32(00F13F44,?,?,00DEDA32,?), ref: 00DB015D
                                                                                                                                                                                    • ReleaseSRWLockExclusive.KERNEL32(00F13F44,FFFFFFFF,00DEDA32), ref: 00DB01EF
                                                                                                                                                                                    • __Init_thread_header.LIBCMT ref: 00DB021D
                                                                                                                                                                                    • __Init_thread_footer.LIBCMT ref: 00DB0255
                                                                                                                                                                                    • __Init_thread_header.LIBCMT ref: 00DB0267
                                                                                                                                                                                      • Part of subcall function 00E994E7: EnterCriticalSection.KERNEL32(00F14FC0,?,?,?,00DFEFCF,00F15134,?,?,?,?,00DFEBD1,00000000,00000000), ref: 00E994F2
                                                                                                                                                                                      • Part of subcall function 00E994E7: LeaveCriticalSection.KERNEL32(00F14FC0,?,?,?,00DFEFCF,00F15134,?,?,?,?,00DFEBD1,00000000,00000000), ref: 00E9952F
                                                                                                                                                                                    • __Init_thread_footer.LIBCMT ref: 00DB028B
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: CriticalExclusiveInit_thread_footerInit_thread_headerLockSection$AcquireEnterLeaveRelease
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID: 604925594-0
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • __Init_thread_header.LIBCMT ref: 00E0249D
                                                                                                                                                                                    • __Init_thread_footer.LIBCMT ref: 00E024C6
                                                                                                                                                                                    • __Init_thread_header.LIBCMT ref: 00E024D8
                                                                                                                                                                                      • Part of subcall function 00E994E7: EnterCriticalSection.KERNEL32(00F14FC0,?,?,?,00DFEFCF,00F15134,?,?,?,?,00DFEBD1,00000000,00000000), ref: 00E994F2
                                                                                                                                                                                      • Part of subcall function 00E994E7: LeaveCriticalSection.KERNEL32(00F14FC0,?,?,?,00DFEFCF,00F15134,?,?,?,?,00DFEBD1,00000000,00000000), ref: 00E9952F
                                                                                                                                                                                    • __Init_thread_footer.LIBCMT ref: 00E02501
                                                                                                                                                                                    • __Init_thread_header.LIBCMT ref: 00E02513
                                                                                                                                                                                    • __Init_thread_footer.LIBCMT ref: 00E0253C
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000000C.00000002.2085338172.0000000000D61000.00000020.00000001.01000000.00000014.sdmp, Offset: 00D60000, based on PE: true
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085300221.0000000000D60000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085440415.0000000000EC7000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085440415.0000000000EF5000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085512444.0000000000F10000.00000008.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085542007.0000000000F11000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085566978.0000000000F1B000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_d60000_assistant_installer.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: Init_thread_footerInit_thread_header$CriticalSection$EnterLeave
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID: 1029325649-0
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • GetLastError.KERNEL32(?,00000001,00EB4F73,00E9BED4,00000011), ref: 00EB4F8A
                                                                                                                                                                                    • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 00EB4F98
                                                                                                                                                                                    • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 00EB4FB1
                                                                                                                                                                                    • SetLastError.KERNEL32(00000000), ref: 00EB5003
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: ErrorLastValue___vcrt_
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID: 3852720340-0
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • GetCurrentProcess.KERNEL32(?,?,?,?,?,?,?,?,00000000,0000011C,?,?,00DC85FC,0000011C,00F14C50,?), ref: 00DC87A7
                                                                                                                                                                                    • IsWow64Process.KERNEL32(00000000,00000000), ref: 00DC87BB
                                                                                                                                                                                      • Part of subcall function 00DC7730: RegOpenKeyExW.ADVAPI32(?,?,00000000,?,00000000), ref: 00DC775F
                                                                                                                                                                                      • Part of subcall function 00DC7730: RegCloseKey.ADVAPI32(00000000), ref: 00DC7772
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: Process$CloseCurrentOpenWow64
                                                                                                                                                                                    • String ID: ReleaseId$SOFTWARE\Microsoft\Windows NT\CurrentVersion$UBR
                                                                                                                                                                                    • API String ID: 108380400-4060060583
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • _strlen.LIBCMT ref: 00E03366
                                                                                                                                                                                      • Part of subcall function 00E02E80: _strlen.LIBCMT ref: 00E02F5F
                                                                                                                                                                                      • Part of subcall function 00E02E80: _strlen.LIBCMT ref: 00E02F95
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: _strlen
                                                                                                                                                                                    • String ID: ,$F6$__DISABLED_OTHER_EVENTS$__OTHER_EVENTS
                                                                                                                                                                                    • API String ID: 4218353326-3531640012
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • TryAcquireSRWLockExclusive.KERNEL32(000000D0), ref: 00DE82C6
                                                                                                                                                                                    • ReleaseSRWLockExclusive.KERNEL32(?), ref: 00DE83F1
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: ExclusiveLock$AcquireRelease
                                                                                                                                                                                    • String ID: ../../base/debug/activity_tracker.cc$RecordProcessExit$^_[]
                                                                                                                                                                                    • API String ID: 17069307-2666811147
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • GetFileInformationByHandle.KERNEL32(00000000,?,?,00000000), ref: 00DAA40F
                                                                                                                                                                                    • __fread_nolock.LIBCMT ref: 00DAA48E
                                                                                                                                                                                    Strings
                                                                                                                                                                                    • ../../base/files/file_util.cc, xrefs: 00DAA3BE
                                                                                                                                                                                    • ReadStreamToStringWithMaxSize, xrefs: 00DAA3C3
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000000C.00000002.2085338172.0000000000D61000.00000020.00000001.01000000.00000014.sdmp, Offset: 00D60000, based on PE: true
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085300221.0000000000D60000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085440415.0000000000EC7000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085440415.0000000000EF5000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085512444.0000000000F10000.00000008.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085542007.0000000000F11000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085566978.0000000000F1B000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_d60000_assistant_installer.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: FileHandleInformation__fread_nolock
                                                                                                                                                                                    • String ID: ../../base/files/file_util.cc$ReadStreamToStringWithMaxSize
                                                                                                                                                                                    • API String ID: 860753551-4143436111
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • ReplaceFileW.KERNEL32 ref: 00DC1BDC
                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 00DC1BE8
                                                                                                                                                                                    • MoveFileW.KERNEL32(FFFFFFFF,FFFFFFFF), ref: 00DC1C0D
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: File$ErrorLastMoveReplace
                                                                                                                                                                                    • String ID: ../../base/files/file_util_win.cc$ReplaceFileW
                                                                                                                                                                                    • API String ID: 3435996589-538166249
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • TryAcquireSRWLockExclusive.KERNEL32(00000000,?,00989680,?,00E1987A,?,?,00000028,?,?,?,?,00989680), ref: 00E44E4B
                                                                                                                                                                                    • ReleaseSRWLockExclusive.KERNEL32(00000000,?,00E1987A,?,?,00000028,?,?,?,?,00989680), ref: 00E44E69
                                                                                                                                                                                    • ReleaseSRWLockExclusive.KERNEL32(00000000,?,00E1987A,?,?,00000028,?,?,?,?,00989680), ref: 00E44EBB
                                                                                                                                                                                    Strings
                                                                                                                                                                                    • AddDirectory, xrefs: 00E44F0E
                                                                                                                                                                                    • ../../base/files/important_file_writer_cleaner.cc, xrefs: 00E44F09
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: ExclusiveLock$Release$Acquire
                                                                                                                                                                                    • String ID: ../../base/files/important_file_writer_cleaner.cc$AddDirectory
                                                                                                                                                                                    • API String ID: 1021914862-215382998
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • FormatMessageA.KERNEL32(00001200,00000000,00DACACF,00000000,?,00000100,00000000), ref: 00DAC90B
                                                                                                                                                                                    • _strlen.LIBCMT ref: 00DAC929
                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 00DAC991
                                                                                                                                                                                    Strings
                                                                                                                                                                                    • Error (0x%lX) while retrieving error. (0x%lX), xrefs: 00DAC999
                                                                                                                                                                                    • (0x%lX), xrefs: 00DAC91A
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: ErrorFormatLastMessage_strlen
                                                                                                                                                                                    • String ID: (0x%lX)$Error (0x%lX) while retrieving error. (0x%lX)
                                                                                                                                                                                    • API String ID: 2706427827-3206765257
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • CopyFileW.KERNEL32(?,?,?,?,00F14C24), ref: 00DC3613
                                                                                                                                                                                    • GetFileAttributesW.KERNEL32(?), ref: 00DC361E
                                                                                                                                                                                    • SetFileAttributesW.KERNEL32(?,00000000), ref: 00DC3639
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: File$Attributes$Copy
                                                                                                                                                                                    • String ID: ../../base/files/file_util_win.cc$DoCopyFile
                                                                                                                                                                                    • API String ID: 1180250742-495309063
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • FormatMessageA.KERNEL32(00001200,00000000,?,00000409,?,00000100,00000000), ref: 00D7FB23
                                                                                                                                                                                    • _strlen.LIBCMT ref: 00D7FB47
                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 00D7FBCA
                                                                                                                                                                                    Strings
                                                                                                                                                                                    • Error (0x%lX) while retrieving error. (0x%lX), xrefs: 00D7FBD2
                                                                                                                                                                                    • (0x%lX), xrefs: 00D7FB38
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000000C.00000002.2085338172.0000000000D61000.00000020.00000001.01000000.00000014.sdmp, Offset: 00D60000, based on PE: true
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085300221.0000000000D60000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085440415.0000000000EC7000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085440415.0000000000EF5000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085512444.0000000000F10000.00000008.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085542007.0000000000F11000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085566978.0000000000F1B000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_d60000_assistant_installer.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: ErrorFormatLastMessage_strlen
                                                                                                                                                                                    • String ID: (0x%lX)$Error (0x%lX) while retrieving error. (0x%lX)
                                                                                                                                                                                    • API String ID: 2706427827-3206765257
                                                                                                                                                                                    • Opcode ID: 8b9e07d034a02a485a69dac6bc07642c0a2326b4e35bf5ab65c8e81f8ceb55bf
                                                                                                                                                                                    • Instruction ID: 26baf31f58b59ff5debb07e4430a6d4853fe33d7a43b06145c3f932ba98a5a7e
                                                                                                                                                                                    • Opcode Fuzzy Hash: 8b9e07d034a02a485a69dac6bc07642c0a2326b4e35bf5ab65c8e81f8ceb55bf
                                                                                                                                                                                    • Instruction Fuzzy Hash: 5431D6B19002286FEB259B24DC46EFB7B78DF45714F0480A8F94DA7252E6319E45CAB1
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • ReadFile.KERNEL32(00000000,?,?,FFFFFFFF,?), ref: 00DC3DB3
                                                                                                                                                                                    • GetLastError.KERNEL32 ref: 00DC3DCA
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000000C.00000002.2085338172.0000000000D61000.00000020.00000001.01000000.00000014.sdmp, Offset: 00D60000, based on PE: true
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085300221.0000000000D60000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085440415.0000000000EC7000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085440415.0000000000EF5000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085512444.0000000000F10000.00000008.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085542007.0000000000F11000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085566978.0000000000F1B000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_d60000_assistant_installer.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: ErrorFileLastRead
                                                                                                                                                                                    • String ID: ../../base/files/file_win.cc$File::Read$Read
                                                                                                                                                                                    • API String ID: 1948546556-1732825555
                                                                                                                                                                                    • Opcode ID: d38f6e7c340cd51e0d433017929783bf16de726f7a160b2d119359cc163404a5
                                                                                                                                                                                    • Instruction ID: e682a4ed6e7e4331d0ceee6c62127036140aafc75f6c5bb12ed4fa07b7ed4eb3
                                                                                                                                                                                    • Opcode Fuzzy Hash: d38f6e7c340cd51e0d433017929783bf16de726f7a160b2d119359cc163404a5
                                                                                                                                                                                    • Instruction Fuzzy Hash: 6A31AC71504385ABD310DF28C881A6BB7A8FFC9370F108B1DF5E5562D1EB709645CBA2
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • FreeLibrary.KERNEL32(00000000,?,?,00EC4B83,00EFC2C4,00EFC2BC,00000000,00000011,?,00EC4A1C,00000002,FlsGetValue,00EFC2BC,00EFC2C4,00000011), ref: 00EC4B52
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000000C.00000002.2085338172.0000000000D61000.00000020.00000001.01000000.00000014.sdmp, Offset: 00D60000, based on PE: true
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085300221.0000000000D60000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085440415.0000000000EC7000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085440415.0000000000EF5000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085512444.0000000000F10000.00000008.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085542007.0000000000F11000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085566978.0000000000F1B000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_d60000_assistant_installer.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: FreeLibrary
                                                                                                                                                                                    • String ID: api-ms-
                                                                                                                                                                                    • API String ID: 3664257935-2084034818
                                                                                                                                                                                    • Opcode ID: d2de9724c9bf991ce4ca20713cc6b3769737f54987ce14f006fae9b25d474437
                                                                                                                                                                                    • Instruction ID: ee4430d909ca2c0c6d7f8060ddf8989fe3ce56d11ab87a5fe2699f2208faf19e
                                                                                                                                                                                    • Opcode Fuzzy Hash: d2de9724c9bf991ce4ca20713cc6b3769737f54987ce14f006fae9b25d474437
                                                                                                                                                                                    • Instruction Fuzzy Hash: 1F114CB1A41329ABDF228B689D54F5AB3A4AF01774F251225FD10FB3C0EB71ED0286D5
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • RegisterClassExW.USER32(00000030), ref: 00E5E536
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000000C.00000002.2085338172.0000000000D61000.00000020.00000001.01000000.00000014.sdmp, Offset: 00D60000, based on PE: true
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085300221.0000000000D60000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085440415.0000000000EC7000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085440415.0000000000EF5000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085512444.0000000000F10000.00000008.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085542007.0000000000F11000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085566978.0000000000F1B000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_d60000_assistant_installer.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: ClassRegister
                                                                                                                                                                                    • String ID: ../../base/win/message_window.cc$D3$Failed to register the window class for a message-only window$MZx
                                                                                                                                                                                    • API String ID: 2764894006-1343926918
                                                                                                                                                                                    • Opcode ID: ea0438ba2e0bbfd228d4330ba9e4440f78f98c7dae96783f3e79010fc0cf79d9
                                                                                                                                                                                    • Instruction ID: 162542a80dd87cb340ea48fb09550abeb9aecf332993dd2d80f4b375ce8801e1
                                                                                                                                                                                    • Opcode Fuzzy Hash: ea0438ba2e0bbfd228d4330ba9e4440f78f98c7dae96783f3e79010fc0cf79d9
                                                                                                                                                                                    • Instruction Fuzzy Hash: BC11B670D10348A7DB10DFA4D85ABAEBBB9EF45308F109419E4057B381EBB54749CBA1
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • DeleteProcThreadAttributeList.KERNEL32(65443A3A,?,?,?,?,?,?,?,?,00000000,00F14F64,00000000), ref: 00DDD010
                                                                                                                                                                                    • __Init_thread_header.LIBCMT ref: 00DDD026
                                                                                                                                                                                    • __Init_thread_footer.LIBCMT ref: 00DDD055
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000000C.00000002.2085338172.0000000000D61000.00000020.00000001.01000000.00000014.sdmp, Offset: 00D60000, based on PE: true
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085300221.0000000000D60000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085440415.0000000000EC7000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085440415.0000000000EF5000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085512444.0000000000F10000.00000008.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085542007.0000000000F11000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085566978.0000000000F1B000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_d60000_assistant_installer.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: AttributeDeleteInit_thread_footerInit_thread_headerListProcThread
                                                                                                                                                                                    • String ID: ::DeleteProcThreadAttributeList$kernel32.dll
                                                                                                                                                                                    • API String ID: 1729018061-2988736364
                                                                                                                                                                                    • Opcode ID: ece410da28b60c8d96ef13b8f25b84c67fc88fd239bc48125540b3ace9ebe2a3
                                                                                                                                                                                    • Instruction ID: 234aac1c0e3be4bd3bdae8014867eb142fad83c1c40bcc10cc15f5e4664db354
                                                                                                                                                                                    • Opcode Fuzzy Hash: ece410da28b60c8d96ef13b8f25b84c67fc88fd239bc48125540b3ace9ebe2a3
                                                                                                                                                                                    • Instruction Fuzzy Hash: D0F02232600200AFC7209B18EC52EB533A5E7C4B20F16403AF809A3386C272B843A6A2
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,00EA7C9C,00EAD9F7,?,00EA7D1D,00EAC03F,?,00EAD9F7), ref: 00EA7C27
                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 00EA7C3A
                                                                                                                                                                                    • FreeLibrary.KERNEL32(00000000,?,?,00EA7C9C,00EAD9F7,?,00EA7D1D,00EAC03F,?,00EAD9F7), ref: 00EA7C5D
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000000C.00000002.2085338172.0000000000D61000.00000020.00000001.01000000.00000014.sdmp, Offset: 00D60000, based on PE: true
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085300221.0000000000D60000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085440415.0000000000EC7000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085440415.0000000000EF5000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085512444.0000000000F10000.00000008.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085542007.0000000000F11000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085566978.0000000000F1B000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_d60000_assistant_installer.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                                                                                    • String ID: CorExitProcess$mscoree.dll
                                                                                                                                                                                    • API String ID: 4061214504-1276376045
                                                                                                                                                                                    • Opcode ID: f54003462781570f6d1d8d641d14ac045ea9008a81cf1666ca7811dfe13ffd5e
                                                                                                                                                                                    • Instruction ID: ba102d27ab7c4bf7246fb148c9d8dde855e782183caeade2329af4749e0836df
                                                                                                                                                                                    • Opcode Fuzzy Hash: f54003462781570f6d1d8d641d14ac045ea9008a81cf1666ca7811dfe13ffd5e
                                                                                                                                                                                    • Instruction Fuzzy Hash: 1BF0583064431CBBEB129B60DE09B9DBB79AF0876AF019060A900B51A0CB719E00EB91
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000000C.00000002.2085338172.0000000000D61000.00000020.00000001.01000000.00000014.sdmp, Offset: 00D60000, based on PE: true
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085300221.0000000000D60000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085440415.0000000000EC7000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085440415.0000000000EF5000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085512444.0000000000F10000.00000008.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085542007.0000000000F11000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085566978.0000000000F1B000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_d60000_assistant_installer.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: __floor_pentium4
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID: 4168288129-0
                                                                                                                                                                                    • Opcode ID: 0e69ed8bea4eab7195f77e8862195f50ce698283fb9920ee591a60e6dbe88378
                                                                                                                                                                                    • Instruction ID: 7faa1daa0f297d3adeb7d1908af8aefc69c62c2424f7344b7ae43fb8af6deb67
                                                                                                                                                                                    • Opcode Fuzzy Hash: 0e69ed8bea4eab7195f77e8862195f50ce698283fb9920ee591a60e6dbe88378
                                                                                                                                                                                    • Instruction Fuzzy Hash: 54A1F071908B458FC712DF38C45166AB7E4FFD6390F168B6EE89567252EB30C8868781
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • RegDeleteKeyExW.ADVAPI32(?,00000000,?,00000000), ref: 00DC78E5
                                                                                                                                                                                    • RegOpenKeyExW.ADVAPI32(?,00000000,00000000,?,00000000), ref: 00DC7906
                                                                                                                                                                                    • RegEnumKeyExW.ADVAPI32 ref: 00DC7A93
                                                                                                                                                                                    • RegCloseKey.ADVAPI32(?), ref: 00DC7AED
                                                                                                                                                                                    • RegDeleteKeyExW.ADVAPI32(?,00000000,?,00000000), ref: 00DC7AFE
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000000C.00000002.2085338172.0000000000D61000.00000020.00000001.01000000.00000014.sdmp, Offset: 00D60000, based on PE: true
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085300221.0000000000D60000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085440415.0000000000EC7000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085440415.0000000000EF5000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085512444.0000000000F10000.00000008.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085542007.0000000000F11000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085566978.0000000000F1B000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_d60000_assistant_installer.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: Delete$CloseEnumOpen
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID: 3013565938-0
                                                                                                                                                                                    • Opcode ID: 0b8c2d56cfcfed81a48b23de3cad875dcda5f58974837685324e249eab11eedb
                                                                                                                                                                                    • Instruction ID: 7adff2bc2d697a2415916981051a12dfa6e72b53bcecb26cd1fd30c991ee6d8a
                                                                                                                                                                                    • Opcode Fuzzy Hash: 0b8c2d56cfcfed81a48b23de3cad875dcda5f58974837685324e249eab11eedb
                                                                                                                                                                                    • Instruction Fuzzy Hash: B3717C716083429BDB11DF20C845B6FBBE5BF88318F04491DF899A7291D734DA04DFA2
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • TryAcquireSRWLockExclusive.KERNEL32(00000000,00DDE527,?,?,?,00DC6B03,00DDE527,?,?,00DDE527,?), ref: 00DFE251
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000000C.00000002.2085338172.0000000000D61000.00000020.00000001.01000000.00000014.sdmp, Offset: 00D60000, based on PE: true
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085300221.0000000000D60000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085440415.0000000000EC7000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085440415.0000000000EF5000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085512444.0000000000F10000.00000008.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085542007.0000000000F11000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085566978.0000000000F1B000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_d60000_assistant_installer.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: AcquireExclusiveLock
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID: 4021432409-0
                                                                                                                                                                                    • Opcode ID: a654c111ea793a7cb0c40e3b6b10a9a1893d986027f2876ad4a2bcb3b8eeeafa
                                                                                                                                                                                    • Instruction ID: efa1fe7b8b789bdb100ec4d6415c5b927aab4bd15fd19f64bce75f65d1ba7b64
                                                                                                                                                                                    • Opcode Fuzzy Hash: a654c111ea793a7cb0c40e3b6b10a9a1893d986027f2876ad4a2bcb3b8eeeafa
                                                                                                                                                                                    • Instruction Fuzzy Hash: 2E716270A00209CFDB14DF68C495A7ABBF5BF88314F16856DE905AB362D730ED05CBA1
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • TlsGetValue.KERNEL32(0000001D), ref: 00DBB469
                                                                                                                                                                                      • Part of subcall function 00DFC210: TlsAlloc.KERNEL32(?,00DBB3FB,FFFFFFFF), ref: 00DFC213
                                                                                                                                                                                    • TryAcquireSRWLockExclusive.KERNEL32(05339050), ref: 00DBB51B
                                                                                                                                                                                    • ReleaseSRWLockExclusive.KERNEL32(05339050), ref: 00DBB553
                                                                                                                                                                                    • __Init_thread_header.LIBCMT ref: 00DBB571
                                                                                                                                                                                    • __Init_thread_footer.LIBCMT ref: 00DBB5A0
                                                                                                                                                                                      • Part of subcall function 00DFC230: TlsFree.KERNEL32(00DBB45A,?,00DBB45A,?), ref: 00DFC236
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000000C.00000002.2085338172.0000000000D61000.00000020.00000001.01000000.00000014.sdmp, Offset: 00D60000, based on PE: true
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085300221.0000000000D60000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085440415.0000000000EC7000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085440415.0000000000EF5000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085512444.0000000000F10000.00000008.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085542007.0000000000F11000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085566978.0000000000F1B000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_d60000_assistant_installer.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: ExclusiveLock$AcquireAllocFreeInit_thread_footerInit_thread_headerReleaseValue
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID: 3486807680-0
                                                                                                                                                                                    • Opcode ID: b03589bdaa4fd0ad081371c09f9eae5b6a633d87f9f9048e1bad98e670102363
                                                                                                                                                                                    • Instruction ID: dc101639ff22e2940b3d3f5a2f1381c60b16a863036959f0708a706649812b72
                                                                                                                                                                                    • Opcode Fuzzy Hash: b03589bdaa4fd0ad081371c09f9eae5b6a633d87f9f9048e1bad98e670102363
                                                                                                                                                                                    • Instruction Fuzzy Hash: F2411B7590010C9BCB20EB68EC01AE973A4FF41320F058679E565572D2DBB26955CFE2
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • TlsGetValue.KERNEL32(0000001D), ref: 00DBB0A9
                                                                                                                                                                                    • TryAcquireSRWLockExclusive.KERNEL32(05339050), ref: 00DBB138
                                                                                                                                                                                    • ReleaseSRWLockExclusive.KERNEL32(05339050), ref: 00DBB15A
                                                                                                                                                                                    • __Init_thread_header.LIBCMT ref: 00DBB20C
                                                                                                                                                                                    • __Init_thread_footer.LIBCMT ref: 00DBB23F
                                                                                                                                                                                      • Part of subcall function 00DFC240: TlsSetValue.KERNEL32(FFFFFFFF,00DBB49B,?,00DBB49B,FFFFFFFF,?), ref: 00DFC249
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000000C.00000002.2085338172.0000000000D61000.00000020.00000001.01000000.00000014.sdmp, Offset: 00D60000, based on PE: true
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085300221.0000000000D60000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085440415.0000000000EC7000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085440415.0000000000EF5000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085512444.0000000000F10000.00000008.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085542007.0000000000F11000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085566978.0000000000F1B000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_d60000_assistant_installer.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: ExclusiveLockValue$AcquireInit_thread_footerInit_thread_headerRelease
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID: 3909918647-0
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • RegOpenKeyExW.ADVAPI32(CD5C2137,?,00000000,?,?), ref: 00D7C9BE
                                                                                                                                                                                    • RegEnumKeyExW.ADVAPI32(?,00000000,?,?,00000000,00000000,00000000,?), ref: 00D7CA2E
                                                                                                                                                                                    • RegEnumKeyExW.ADVAPI32(?,00000000,?,00000100,00000000,00000000,00000000,?), ref: 00D7CA79
                                                                                                                                                                                    • RegCloseKey.ADVAPI32(?), ref: 00D7CA94
                                                                                                                                                                                    • RegCloseKey.ADVAPI32(?,?), ref: 00D7CAC5
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000000C.00000002.2085338172.0000000000D61000.00000020.00000001.01000000.00000014.sdmp, Offset: 00D60000, based on PE: true
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: CloseEnum$Open
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID: 956018044-0
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000000C.00000002.2085338172.0000000000D61000.00000020.00000001.01000000.00000014.sdmp, Offset: 00D60000, based on PE: true
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: _strlen
                                                                                                                                                                                    • String ID: %.2x$%.8lx$,%.2x
                                                                                                                                                                                    • API String ID: 4218353326-2969256346
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000000C.00000002.2085338172.0000000000D61000.00000020.00000001.01000000.00000014.sdmp, Offset: 00D60000, based on PE: true
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: __freea
                                                                                                                                                                                    • String ID: a/p$am/pm
                                                                                                                                                                                    • API String ID: 240046367-3206640213
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • TryAcquireSRWLockExclusive.KERNEL32(?), ref: 00E3311F
                                                                                                                                                                                      • Part of subcall function 00E20690: CreateEventW.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,?,?,00E392E1,00000001,00000001), ref: 00E206B0
                                                                                                                                                                                      • Part of subcall function 00E20690: GetLastError.KERNEL32(?,?,00E392E1,00000001,00000001), ref: 00E206C2
                                                                                                                                                                                      • Part of subcall function 00E20690: SetLastError.KERNEL32(00000000,?,?,00E392E1,00000001,00000001), ref: 00E206F9
                                                                                                                                                                                    • ReleaseSRWLockExclusive.KERNEL32(?), ref: 00E331D4
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000000C.00000002.2085338172.0000000000D61000.00000020.00000001.01000000.00000014.sdmp, Offset: 00D60000, based on PE: true
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: ErrorExclusiveLastLock$AcquireCreateEventRelease
                                                                                                                                                                                    • String ID: $2
                                                                                                                                                                                    • API String ID: 629145919-4264767444
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000000C.00000002.2085338172.0000000000D61000.00000020.00000001.01000000.00000014.sdmp, Offset: 00D60000, based on PE: true
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: FreeTask
                                                                                                                                                                                    • String ID: scheduled
                                                                                                                                                                                    • API String ID: 734271698-3897526373
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • TryAcquireSRWLockExclusive.KERNEL32(?,?), ref: 00DE858B
                                                                                                                                                                                    • ReleaseSRWLockExclusive.KERNEL32(?,?), ref: 00DE85AD
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000000C.00000002.2085338172.0000000000D61000.00000020.00000001.01000000.00000014.sdmp, Offset: 00D60000, based on PE: true
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085300221.0000000000D60000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085440415.0000000000EC7000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085440415.0000000000EF5000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085512444.0000000000F10000.00000008.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085542007.0000000000F11000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085566978.0000000000F1B000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_d60000_assistant_installer.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: ExclusiveLock$AcquireRelease
                                                                                                                                                                                    • String ID: ess-$phas
                                                                                                                                                                                    • API String ID: 17069307-415257544
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • GetLongPathNameW.KERNEL32(?,?,00000104), ref: 00DC2939
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000000C.00000002.2085338172.0000000000D61000.00000020.00000001.01000000.00000014.sdmp, Offset: 00D60000, based on PE: true
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085300221.0000000000D60000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085440415.0000000000EC7000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085440415.0000000000EF5000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085512444.0000000000F10000.00000008.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085542007.0000000000F11000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085566978.0000000000F1B000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_d60000_assistant_installer.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: LongNamePath
                                                                                                                                                                                    • String ID: ../../base/files/file_util_win.cc$.tmp$CreateAndOpenTemporaryFileInDir
                                                                                                                                                                                    • API String ID: 82841172-836254879
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000000C.00000002.2085338172.0000000000D61000.00000020.00000001.01000000.00000014.sdmp, Offset: 00D60000, based on PE: true
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085300221.0000000000D60000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085440415.0000000000EC7000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085440415.0000000000EF5000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085512444.0000000000F10000.00000008.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085542007.0000000000F11000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085566978.0000000000F1B000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_d60000_assistant_installer.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: _strlen
                                                                                                                                                                                    • String ID: %s%zu$restart_cmd_line_key_
                                                                                                                                                                                    • API String ID: 4218353326-2004224652
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000000C.00000002.2085338172.0000000000D61000.00000020.00000001.01000000.00000014.sdmp, Offset: 00D60000, based on PE: true
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085300221.0000000000D60000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085440415.0000000000EC7000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085440415.0000000000EF5000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085512444.0000000000F10000.00000008.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085542007.0000000000F11000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085566978.0000000000F1B000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_d60000_assistant_installer.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: _strlen
                                                                                                                                                                                    • String ID: , {
                                                                                                                                                                                    • API String ID: 4218353326-2621827712
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • RemoveDirectoryW.KERNEL32(?,?), ref: 00D76454
                                                                                                                                                                                    • RemoveDirectoryW.KERNEL32(?,?,?), ref: 00D76499
                                                                                                                                                                                    Strings
                                                                                                                                                                                    • Actual removal of , xrefs: 00D763A9
                                                                                                                                                                                    • ../../opera/desktop/windows/installer/transactions/delete_file_operation.cc, xrefs: 00D7637A, 00D76397
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000000C.00000002.2085338172.0000000000D61000.00000020.00000001.01000000.00000014.sdmp, Offset: 00D60000, based on PE: true
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085300221.0000000000D60000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085440415.0000000000EC7000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085440415.0000000000EF5000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085512444.0000000000F10000.00000008.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085542007.0000000000F11000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085566978.0000000000F1B000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_d60000_assistant_installer.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: DirectoryRemove
                                                                                                                                                                                    • String ID: ../../opera/desktop/windows/installer/transactions/delete_file_operation.cc$Actual removal of
                                                                                                                                                                                    • API String ID: 597925465-678036363
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • EncodePointer.KERNEL32(00000000,00000000,00000000,?,?,?,?,?,?,00EB5B19,?,00000000,00000000,00000000,00000000,?), ref: 00EB5C3A
                                                                                                                                                                                    • CatchIt.LIBVCRUNTIME ref: 00EB5D20
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000000C.00000002.2085338172.0000000000D61000.00000020.00000001.01000000.00000014.sdmp, Offset: 00D60000, based on PE: true
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085300221.0000000000D60000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085440415.0000000000EC7000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085440415.0000000000EF5000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085512444.0000000000F10000.00000008.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085542007.0000000000F11000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085566978.0000000000F1B000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_d60000_assistant_installer.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: CatchEncodePointer
                                                                                                                                                                                    • String ID: MOC$RCC
                                                                                                                                                                                    • API String ID: 1435073870-2084237596
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    Strings
                                                                                                                                                                                    • FindNextFile, xrefs: 00E59D6A
                                                                                                                                                                                    • ../../third_party/crashpad/crashpad/util/file/directory_reader_win.cc, xrefs: 00E59D58
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000000C.00000002.2085338172.0000000000D61000.00000020.00000001.01000000.00000014.sdmp, Offset: 00D60000, based on PE: true
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: ErrorFileFindLastNext
                                                                                                                                                                                    • String ID: ../../third_party/crashpad/crashpad/util/file/directory_reader_win.cc$FindNextFile
                                                                                                                                                                                    • API String ID: 32741936-2470157903
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • GetFileInformationByHandle.KERNEL32(?,?), ref: 00DC4499
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000000C.00000002.2085338172.0000000000D61000.00000020.00000001.01000000.00000014.sdmp, Offset: 00D60000, based on PE: true
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: FileHandleInformation
                                                                                                                                                                                    • String ID: ../../base/files/file_win.cc$File::GetInfo$GetInfo
                                                                                                                                                                                    • API String ID: 3935143524-2616935691
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • CreateEventW.KERNEL32 ref: 00E57C1D
                                                                                                                                                                                    • CreateEventW.KERNEL32(?,?,?,?,?), ref: 00E57C8E
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000000C.00000002.2085338172.0000000000D61000.00000020.00000001.01000000.00000014.sdmp, Offset: 00D60000, based on PE: true
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: CreateEvent
                                                                                                                                                                                    • String ID: ../../third_party/crashpad/crashpad/util/win/session_end_watcher.cc$CreateEvent
                                                                                                                                                                                    • API String ID: 2692171526-1378153383
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • ___except_validate_context_record.LIBVCRUNTIME ref: 00EB5481
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000000C.00000002.2085338172.0000000000D61000.00000020.00000001.01000000.00000014.sdmp, Offset: 00D60000, based on PE: true
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: ___except_validate_context_record
                                                                                                                                                                                    • String ID: csm$csm$Z
                                                                                                                                                                                    • API String ID: 3493665558-1362296331
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • CreateMutexW.KERNEL32(?,00000000,?), ref: 00D81D18
                                                                                                                                                                                    • WaitForSingleObject.KERNEL32(?,00000000), ref: 00D81DA5
                                                                                                                                                                                    Strings
                                                                                                                                                                                    • NamedMutexImpl, xrefs: 00D81D67
                                                                                                                                                                                    • ../../opera/desktop/windows/os_operations/os_operations_impl.cc, xrefs: 00D81D62
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000000C.00000002.2085338172.0000000000D61000.00000020.00000001.01000000.00000014.sdmp, Offset: 00D60000, based on PE: true
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: CreateMutexObjectSingleWait
                                                                                                                                                                                    • String ID: ../../opera/desktop/windows/os_operations/os_operations_impl.cc$NamedMutexImpl
                                                                                                                                                                                    • API String ID: 3113225513-3124965751
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000000C.00000002.2085338172.0000000000D61000.00000020.00000001.01000000.00000014.sdmp, Offset: 00D60000, based on PE: true
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085300221.0000000000D60000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085440415.0000000000EC7000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085440415.0000000000EF5000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085512444.0000000000F10000.00000008.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085542007.0000000000F11000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085566978.0000000000F1B000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_d60000_assistant_installer.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: FilePointer
                                                                                                                                                                                    • String ID: ../../base/files/file_win.cc$File::Seek$Seek
                                                                                                                                                                                    • API String ID: 973152223-960883878
                                                                                                                                                                                    • Opcode ID: c462863697ba1c5071a060d6a91695cd39c3978c27f469107c8fc53c5dff2e7c
                                                                                                                                                                                    • Instruction ID: 2bfe75789415c7d8487fcad6dc758817cd520a73137c9ccbaca2136d00f30c37
                                                                                                                                                                                    • Opcode Fuzzy Hash: c462863697ba1c5071a060d6a91695cd39c3978c27f469107c8fc53c5dff2e7c
                                                                                                                                                                                    • Instruction Fuzzy Hash: B4313871518385ABC310EF68C88186AF7A4FFC9760F508B1EF8E5572D1DB709909CBA2
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • WriteFile.KERNEL32(?,?,00000000,FFFFFFFF,00000000), ref: 00DC40E8
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000000C.00000002.2085338172.0000000000D61000.00000020.00000001.01000000.00000014.sdmp, Offset: 00D60000, based on PE: true
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085300221.0000000000D60000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085440415.0000000000EC7000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085440415.0000000000EF5000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085512444.0000000000F10000.00000008.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085542007.0000000000F11000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085566978.0000000000F1B000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_d60000_assistant_installer.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: FileWrite
                                                                                                                                                                                    • String ID: ../../base/files/file_win.cc$File::WriteAtCurrentPos$WriteAtCurrentPos
                                                                                                                                                                                    • API String ID: 3934441357-2300577854
                                                                                                                                                                                    • Opcode ID: 6bafa5fa3e16154f9e8590ebf8275d19f9b7a09c42dc44ddc4c8fc7386022245
                                                                                                                                                                                    • Instruction ID: 876519412cec69fe6bc7d1c8c870bca46a0b90ce67cec6edb9b45104abeeebfc
                                                                                                                                                                                    • Opcode Fuzzy Hash: 6bafa5fa3e16154f9e8590ebf8275d19f9b7a09c42dc44ddc4c8fc7386022245
                                                                                                                                                                                    • Instruction Fuzzy Hash: C0218B72504385ABC210EF64CC81A6AF7A8FFD9770F504B1DB9F4671D1EB709A0987A2
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • GetFileSizeEx.KERNEL32(00000000,FFFFFFFF), ref: 00DC41E2
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000000C.00000002.2085338172.0000000000D61000.00000020.00000001.01000000.00000014.sdmp, Offset: 00D60000, based on PE: true
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085300221.0000000000D60000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085440415.0000000000EC7000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085440415.0000000000EF5000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085512444.0000000000F10000.00000008.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085542007.0000000000F11000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085566978.0000000000F1B000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_d60000_assistant_installer.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: FileSize
                                                                                                                                                                                    • String ID: ../../base/files/file_win.cc$File::GetLength$GetLength
                                                                                                                                                                                    • API String ID: 3433856609-2366038222
                                                                                                                                                                                    • Opcode ID: dd411996fc5e45f2aebea71215874e9f3874e85f9412c3019d2e26dbbf35df8e
                                                                                                                                                                                    • Instruction ID: 63e3acfa92437fbf34b0985b1ddcfbe2b93f089bd0b1fb7bddb59e5d97eaabb7
                                                                                                                                                                                    • Opcode Fuzzy Hash: dd411996fc5e45f2aebea71215874e9f3874e85f9412c3019d2e26dbbf35df8e
                                                                                                                                                                                    • Instruction Fuzzy Hash: 27218E71514381ABD210EF68C84196EF7A4FFC9770F504B1DB5F4661D1DBB095068BA2
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000000C.00000002.2085338172.0000000000D61000.00000020.00000001.01000000.00000014.sdmp, Offset: 00D60000, based on PE: true
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085300221.0000000000D60000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085440415.0000000000EC7000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085440415.0000000000EF5000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085512444.0000000000F10000.00000008.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085542007.0000000000F11000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085566978.0000000000F1B000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_d60000_assistant_installer.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: _strrchr
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID: 3213747228-0
                                                                                                                                                                                    • Opcode ID: 4a71855c2dcaeff16fdaea010b3b3782e48c64892e311169d0175a16ee1683e7
                                                                                                                                                                                    • Instruction ID: db68972a11b92a26912a74f66445ee8cf6bda1a8b9c724e989094571c1840892
                                                                                                                                                                                    • Opcode Fuzzy Hash: 4a71855c2dcaeff16fdaea010b3b3782e48c64892e311169d0175a16ee1683e7
                                                                                                                                                                                    • Instruction Fuzzy Hash: 45B12232D04246AFDB118F68C8817EFBBE5EF56304F2591AAEA45FB243D6348D01CB60
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • __Init_thread_header.LIBCMT ref: 00DB2BD2
                                                                                                                                                                                    • __Init_thread_footer.LIBCMT ref: 00DB2C0C
                                                                                                                                                                                    • __Init_thread_header.LIBCMT ref: 00DB2DDE
                                                                                                                                                                                    • __Init_thread_footer.LIBCMT ref: 00DB2E18
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000000C.00000002.2085338172.0000000000D61000.00000020.00000001.01000000.00000014.sdmp, Offset: 00D60000, based on PE: true
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085300221.0000000000D60000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085440415.0000000000EC7000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085440415.0000000000EF5000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085512444.0000000000F10000.00000008.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085542007.0000000000F11000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085566978.0000000000F1B000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_d60000_assistant_installer.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: Init_thread_footerInit_thread_header
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID: 4092853384-0
                                                                                                                                                                                    • Opcode ID: aa046aaae44bfbea1c5a95a8aaae9f7c38d22a8a2a970e7aa9bc67f28d69cfc3
                                                                                                                                                                                    • Instruction ID: 32ebf3fad1ca57db41aaff5eb13c33421c9094a5398b75f1c6184855b2492799
                                                                                                                                                                                    • Opcode Fuzzy Hash: aa046aaae44bfbea1c5a95a8aaae9f7c38d22a8a2a970e7aa9bc67f28d69cfc3
                                                                                                                                                                                    • Instruction Fuzzy Hash: 0AA101B2E00616CBDB11CF6CC8816FDB771FB99314F1A4228D81667296DB30BA91C7E1
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000000C.00000002.2085338172.0000000000D61000.00000020.00000001.01000000.00000014.sdmp, Offset: 00D60000, based on PE: true
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085300221.0000000000D60000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085440415.0000000000EC7000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085440415.0000000000EF5000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085512444.0000000000F10000.00000008.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085542007.0000000000F11000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085566978.0000000000F1B000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_d60000_assistant_installer.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: _strlen
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID: 4218353326-0
                                                                                                                                                                                    • Opcode ID: 715f182307335c7a9d364302a9f544c72a474e4a5c3e9395234433abe7f7d4ab
                                                                                                                                                                                    • Instruction ID: 849068d0f04474251455517c98095132b3172fa822748ae7a4b0460550251e81
                                                                                                                                                                                    • Opcode Fuzzy Hash: 715f182307335c7a9d364302a9f544c72a474e4a5c3e9395234433abe7f7d4ab
                                                                                                                                                                                    • Instruction Fuzzy Hash: 8061D1F5A042168FDB10CE64EE80ABB77A5BF40308F192468ED55AB3C1E635EC86C771
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • TryAcquireSRWLockExclusive.KERNEL32(05336D98,?), ref: 00DB1388
                                                                                                                                                                                    • ReleaseSRWLockExclusive.KERNEL32(05336D98,FFFFFFFF,?,00000001,00ED0FB4,?,00D71CCA), ref: 00DB1479
                                                                                                                                                                                    • __Init_thread_header.LIBCMT ref: 00DB14B9
                                                                                                                                                                                    • __Init_thread_footer.LIBCMT ref: 00DB1510
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000000C.00000002.2085338172.0000000000D61000.00000020.00000001.01000000.00000014.sdmp, Offset: 00D60000, based on PE: true
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: ExclusiveLock$AcquireInit_thread_footerInit_thread_headerRelease
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID: 2580794422-0
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000000C.00000002.2085338172.0000000000D61000.00000020.00000001.01000000.00000014.sdmp, Offset: 00D60000, based on PE: true
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: AdjustPointer
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID: 1740715915-0
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                      • Part of subcall function 00DC9120: FindNextFileW.KERNEL32(?,?,?,?,00000000,?,?), ref: 00DC91E4
                                                                                                                                                                                      • Part of subcall function 00DC9120: FindClose.KERNEL32(?,?,?), ref: 00DC91F8
                                                                                                                                                                                      • Part of subcall function 00DC9120: GetLastError.KERNEL32(?,?), ref: 00DC9342
                                                                                                                                                                                      • Part of subcall function 00DC9120: GetFileAttributesW.KERNEL32(FFFFFFFF,FFFFFFFF,?,?,?,00000001,?,?), ref: 00DC9420
                                                                                                                                                                                    • SetFileAttributesW.KERNEL32(FFFFFFFF,?,?,?,?,?,?,?,?), ref: 00DC398A
                                                                                                                                                                                    • RemoveDirectoryW.KERNEL32(FFFFFFFF,?,?,?,?,?,?,?), ref: 00DC39D9
                                                                                                                                                                                    • GetLastError.KERNEL32(?,?,?,?,?,?,?), ref: 00DC3A12
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000000C.00000002.2085338172.0000000000D61000.00000020.00000001.01000000.00000014.sdmp, Offset: 00D60000, based on PE: true
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: File$AttributesErrorFindLast$CloseDirectoryNextRemove
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID: 3974083381-0
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • RaiseException.KERNEL32(E0000008,00000001,00000001,00100000,00000000,?,00DE9CD9,00DC6D3F,?,00DC6D3F,00100000,?,?,?), ref: 00E1A2D7
                                                                                                                                                                                    • TryAcquireSRWLockExclusive.KERNEL32(00000000,00000000,00000000,00100000,?,E0000008,?,00DE9CD9,00DC6D3F,?,00DC6D3F,00100000,?,?,?), ref: 00E2A063
                                                                                                                                                                                    • VirtualFree.KERNEL32(00000000,00000000,00008000,?,E0000008,?,00DE9CD9,00DC6D3F,?,00DC6D3F,00100000,?,?,?), ref: 00E2A085
                                                                                                                                                                                    • ReleaseSRWLockExclusive.KERNEL32(00000000,?,E0000008,?,00DE9CD9,00DC6D3F,?,00DC6D3F,00100000,?,?,?), ref: 00E2A0B0
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000000C.00000002.2085338172.0000000000D61000.00000020.00000001.01000000.00000014.sdmp, Offset: 00D60000, based on PE: true
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: ExclusiveLock$AcquireExceptionFreeRaiseReleaseVirtual
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID: 329190654-0
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • QueryPerformanceCounter.KERNEL32(00000000), ref: 00DCA50F
                                                                                                                                                                                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00DCA54C
                                                                                                                                                                                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00DCA56A
                                                                                                                                                                                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00DCA5C1
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000000C.00000002.2085338172.0000000000D61000.00000020.00000001.01000000.00000014.sdmp, Offset: 00D60000, based on PE: true
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@$CounterPerformanceQuery
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID: 374826692-0
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • __Init_thread_header.LIBCMT ref: 00DCE4E1
                                                                                                                                                                                    • __Init_thread_footer.LIBCMT ref: 00DCE51E
                                                                                                                                                                                    • __Init_thread_header.LIBCMT ref: 00DCE530
                                                                                                                                                                                    • __Init_thread_footer.LIBCMT ref: 00DCE56D
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000000C.00000002.2085338172.0000000000D61000.00000020.00000001.01000000.00000014.sdmp, Offset: 00D60000, based on PE: true
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085300221.0000000000D60000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085440415.0000000000EC7000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085440415.0000000000EF5000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085512444.0000000000F10000.00000008.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085542007.0000000000F11000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085566978.0000000000F1B000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_d60000_assistant_installer.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: Init_thread_footerInit_thread_header
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID: 4092853384-0
                                                                                                                                                                                    • Opcode ID: 31b0ea14fffdff8411871fb8becc16d6383300a02c91ddfb4e226468bf2aa29b
                                                                                                                                                                                    • Instruction ID: b4e47bc1b82644371c741a3da30c20f0f747d6edaa28f360a890a7f9030c536e
                                                                                                                                                                                    • Opcode Fuzzy Hash: 31b0ea14fffdff8411871fb8becc16d6383300a02c91ddfb4e226468bf2aa29b
                                                                                                                                                                                    • Instruction Fuzzy Hash: E5315CB56042058FE710DF58E895F5637A2AB85314F1A8178E9054B3A2D772FC42DBA2
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • __Init_thread_header.LIBCMT ref: 00D9E1E5
                                                                                                                                                                                    • __Init_thread_footer.LIBCMT ref: 00D9E247
                                                                                                                                                                                    • __Init_thread_header.LIBCMT ref: 00D9E259
                                                                                                                                                                                      • Part of subcall function 00E994E7: EnterCriticalSection.KERNEL32(00F14FC0,?,?,?,00DFEFCF,00F15134,?,?,?,?,00DFEBD1,00000000,00000000), ref: 00E994F2
                                                                                                                                                                                      • Part of subcall function 00E994E7: LeaveCriticalSection.KERNEL32(00F14FC0,?,?,?,00DFEFCF,00F15134,?,?,?,?,00DFEBD1,00000000,00000000), ref: 00E9952F
                                                                                                                                                                                    • __Init_thread_footer.LIBCMT ref: 00D9E292
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000000C.00000002.2085338172.0000000000D61000.00000020.00000001.01000000.00000014.sdmp, Offset: 00D60000, based on PE: true
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085300221.0000000000D60000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085440415.0000000000EC7000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085440415.0000000000EF5000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085512444.0000000000F10000.00000008.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085542007.0000000000F11000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085566978.0000000000F1B000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_d60000_assistant_installer.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: CriticalInit_thread_footerInit_thread_headerSection$EnterLeave
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID: 2234156424-0
                                                                                                                                                                                    • Opcode ID: 2a1c123a3e919775ba0125d1c725ab1dfcc3950cac712b3226a97718eb6b5b72
                                                                                                                                                                                    • Instruction ID: 30915abd8a958796fed6eb93606752605ab11eea135660299ebcae403e88ba4b
                                                                                                                                                                                    • Opcode Fuzzy Hash: 2a1c123a3e919775ba0125d1c725ab1dfcc3950cac712b3226a97718eb6b5b72
                                                                                                                                                                                    • Instruction Fuzzy Hash: DE21F3B1A40344CFD710DF5CE956AA6BBE0F781720F168229E41577392D7316A41EBE2
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • __Init_thread_header.LIBCMT ref: 00D9E325
                                                                                                                                                                                    • __Init_thread_footer.LIBCMT ref: 00D9E387
                                                                                                                                                                                    • __Init_thread_header.LIBCMT ref: 00D9E399
                                                                                                                                                                                      • Part of subcall function 00E994E7: EnterCriticalSection.KERNEL32(00F14FC0,?,?,?,00DFEFCF,00F15134,?,?,?,?,00DFEBD1,00000000,00000000), ref: 00E994F2
                                                                                                                                                                                      • Part of subcall function 00E994E7: LeaveCriticalSection.KERNEL32(00F14FC0,?,?,?,00DFEFCF,00F15134,?,?,?,?,00DFEBD1,00000000,00000000), ref: 00E9952F
                                                                                                                                                                                    • __Init_thread_footer.LIBCMT ref: 00D9E3D2
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000000C.00000002.2085338172.0000000000D61000.00000020.00000001.01000000.00000014.sdmp, Offset: 00D60000, based on PE: true
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085300221.0000000000D60000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085440415.0000000000EC7000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085440415.0000000000EF5000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085512444.0000000000F10000.00000008.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085542007.0000000000F11000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085566978.0000000000F1B000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_d60000_assistant_installer.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: CriticalInit_thread_footerInit_thread_headerSection$EnterLeave
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID: 2234156424-0
                                                                                                                                                                                    • Opcode ID: 668d6f0a1b32e124c59a8d73cc5e6ad5c085038f7b5f06f5826cf20a0d70fbf5
                                                                                                                                                                                    • Instruction ID: 48e1ee7311c1a783cd0443c8201e516ff5b459342e347ebb9c28871e28528903
                                                                                                                                                                                    • Opcode Fuzzy Hash: 668d6f0a1b32e124c59a8d73cc5e6ad5c085038f7b5f06f5826cf20a0d70fbf5
                                                                                                                                                                                    • Instruction Fuzzy Hash: F8212975A00204CFCB10DF58ED5BEA5B7E0F781721F05C22AE81567392D731A540EBE2
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • CreateEventW.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,?,?,00E392E1,00000001,00000001), ref: 00E206B0
                                                                                                                                                                                    • GetLastError.KERNEL32(?,?,00E392E1,00000001,00000001), ref: 00E206C2
                                                                                                                                                                                    • SetLastError.KERNEL32(00000000,?,?,00E392E1,00000001,00000001), ref: 00E206F9
                                                                                                                                                                                      • Part of subcall function 00DC8370: GetHandleVerifier.ASSISTANT_INSTALLER(?,?,00DC631A,?,00000000,?,00F14CF8,?,?,?,?,00DC648D,00000000), ref: 00DC8377
                                                                                                                                                                                    • ResetEvent.KERNEL32(?,?,?,?,00E392E1,00000001,00000001), ref: 00E20725
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000000C.00000002.2085338172.0000000000D61000.00000020.00000001.01000000.00000014.sdmp, Offset: 00D60000, based on PE: true
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085300221.0000000000D60000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085440415.0000000000EC7000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085440415.0000000000EF5000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085512444.0000000000F10000.00000008.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085542007.0000000000F11000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085566978.0000000000F1B000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_d60000_assistant_installer.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: ErrorEventLast$CreateHandleResetVerifier
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID: 794520543-0
                                                                                                                                                                                    • Opcode ID: 88e32caa755b60d9cd56936fb26f78e52191d587057e19cc0a4a5b0ee8241caf
                                                                                                                                                                                    • Instruction ID: d2c2caa24594f2ab46a02dab2c0aba1986bba9977e3865a389d81e27eb369603
                                                                                                                                                                                    • Opcode Fuzzy Hash: 88e32caa755b60d9cd56936fb26f78e52191d587057e19cc0a4a5b0ee8241caf
                                                                                                                                                                                    • Instruction Fuzzy Hash: 3B11F976100308AFE7106F35EC49B4ABBDDFB45365F14482AF585C3291EBB6E850CB62
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • __Init_thread_header.LIBCMT ref: 00DB2A05
                                                                                                                                                                                    • __Init_thread_footer.LIBCMT ref: 00DB2A3B
                                                                                                                                                                                    • __Init_thread_header.LIBCMT ref: 00DB2A4D
                                                                                                                                                                                      • Part of subcall function 00E994E7: EnterCriticalSection.KERNEL32(00F14FC0,?,?,?,00DFEFCF,00F15134,?,?,?,?,00DFEBD1,00000000,00000000), ref: 00E994F2
                                                                                                                                                                                      • Part of subcall function 00E994E7: LeaveCriticalSection.KERNEL32(00F14FC0,?,?,?,00DFEFCF,00F15134,?,?,?,?,00DFEBD1,00000000,00000000), ref: 00E9952F
                                                                                                                                                                                    • __Init_thread_footer.LIBCMT ref: 00DB2A87
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000000C.00000002.2085338172.0000000000D61000.00000020.00000001.01000000.00000014.sdmp, Offset: 00D60000, based on PE: true
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085300221.0000000000D60000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085440415.0000000000EC7000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085440415.0000000000EF5000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085512444.0000000000F10000.00000008.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085542007.0000000000F11000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085566978.0000000000F1B000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_d60000_assistant_installer.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: CriticalInit_thread_footerInit_thread_headerSection$EnterLeave
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID: 2234156424-0
                                                                                                                                                                                    • Opcode ID: 39f70166ace6374aebd2e9583804006816b507d95d772076a9f56cd9d01434f0
                                                                                                                                                                                    • Instruction ID: b061203ea274abd94c88bbe0f5a7153f897675f7cc553d7646ed7fac0429bcc0
                                                                                                                                                                                    • Opcode Fuzzy Hash: 39f70166ace6374aebd2e9583804006816b507d95d772076a9f56cd9d01434f0
                                                                                                                                                                                    • Instruction Fuzzy Hash: 56217FF1E00218DBD718DB5CD895BE973B5E740310F15812DD50A5B3D2C771A982EBA2
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • TryAcquireSRWLockExclusive.KERNEL32(00000030,00000000,00E39030,?,?,?,00E38FAB,00000000,00000000,?,?,00E5D98D,?,?,00E39030,?), ref: 00E2F55F
                                                                                                                                                                                    • ReleaseSRWLockExclusive.KERNEL32(00000030,?,?,?,CD5C2137,?,?,?,?,?,?,00E5D81F,00E5D7B9), ref: 00E2F572
                                                                                                                                                                                    • TryAcquireSRWLockExclusive.KERNEL32(00000024,00000000,00E39030,?,?,?,00E38FAB,00000000,00000000,?,?,00E5D98D,?,?,00E39030,?), ref: 00E2F58B
                                                                                                                                                                                    • ReleaseSRWLockExclusive.KERNEL32(00000024,?,?,?,CD5C2137,?,?,?,?,?,?,00E5D81F,00E5D7B9), ref: 00E2F59E
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000000C.00000002.2085338172.0000000000D61000.00000020.00000001.01000000.00000014.sdmp, Offset: 00D60000, based on PE: true
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085300221.0000000000D60000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085440415.0000000000EC7000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085440415.0000000000EF5000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085512444.0000000000F10000.00000008.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085542007.0000000000F11000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085566978.0000000000F1B000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_d60000_assistant_installer.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: ExclusiveLock$AcquireRelease
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID: 17069307-0
                                                                                                                                                                                    • Opcode ID: 3d34936e629de2d3a2e07b7533c9496c55ac15acdbce5ccc4959bc7e52137870
                                                                                                                                                                                    • Instruction ID: aed804c33e1d044b45c898491c08b7748ef28253985df03935d51724da13cc96
                                                                                                                                                                                    • Opcode Fuzzy Hash: 3d34936e629de2d3a2e07b7533c9496c55ac15acdbce5ccc4959bc7e52137870
                                                                                                                                                                                    • Instruction Fuzzy Hash: 511160316002249FC715DF25D894ABB7BB5FF85324704552DF4466B391CB30EC06DBA2
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • GetFullPathNameW.KERNEL32(?,?,?,00000000,00EB053E,00000000,?,00EBF7C1,00DB10E1,00DB10E1,00EB053E,?,?,00DB10E1,00DB10E1,00000001), ref: 00EB0614
                                                                                                                                                                                    • GetLastError.KERNEL32(?,00EBF7C1,00DB10E1,00DB10E1,00EB053E,?,?,00DB10E1,00DB10E1,00000001,00000000,00000000,?,00EB053E,00DB10E1,00DC1595), ref: 00EB061E
                                                                                                                                                                                    • __dosmaperr.LIBCMT ref: 00EB0625
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000000C.00000002.2085338172.0000000000D61000.00000020.00000001.01000000.00000014.sdmp, Offset: 00D60000, based on PE: true
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085300221.0000000000D60000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085440415.0000000000EC7000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085440415.0000000000EF5000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085512444.0000000000F10000.00000008.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085542007.0000000000F11000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085566978.0000000000F1B000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_d60000_assistant_installer.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: ErrorFullLastNamePath__dosmaperr
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID: 2398240785-0
                                                                                                                                                                                    • Opcode ID: 5f6a569d178f64286717c68835870be37f83043ac2ff39593af538b74214fa92
                                                                                                                                                                                    • Instruction ID: 415f708d8d9155a88b339a12e2b93fd289797ebd00d9e22c440dffa4d6d0b811
                                                                                                                                                                                    • Opcode Fuzzy Hash: 5f6a569d178f64286717c68835870be37f83043ac2ff39593af538b74214fa92
                                                                                                                                                                                    • Instruction Fuzzy Hash: 1DF0FB32200219BBDB205BA6DC08C9BFFA9FE853A03099525F519EA520CB31F861DBD1
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • GetFullPathNameW.KERNEL32(?,?,?,00000000,00EB053E,00000000,?,00EBF836,00DB10E1,00DB10E1,?,?,00DB10E1,00DB10E1,00000001,00000000), ref: 00EB0559
                                                                                                                                                                                    • GetLastError.KERNEL32(?,00EBF836,00DB10E1,00DB10E1,?,?,00DB10E1,00DB10E1,00000001,00000000,00000000,?,00EB053E,00DB10E1,00DC1595,?), ref: 00EB0563
                                                                                                                                                                                    • __dosmaperr.LIBCMT ref: 00EB056A
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000000C.00000002.2085338172.0000000000D61000.00000020.00000001.01000000.00000014.sdmp, Offset: 00D60000, based on PE: true
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085300221.0000000000D60000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085440415.0000000000EC7000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085440415.0000000000EF5000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085512444.0000000000F10000.00000008.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085542007.0000000000F11000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085566978.0000000000F1B000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_d60000_assistant_installer.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: ErrorFullLastNamePath__dosmaperr
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID: 2398240785-0
                                                                                                                                                                                    • Opcode ID: 7532d41039d670b01efd5e18e0eedf7a96c2915e42385411b3bfdcc817f35564
                                                                                                                                                                                    • Instruction ID: 0338e7d3141edeb76e3c05780eacb73cbc45b6babd6ce844435b63354f523e0a
                                                                                                                                                                                    • Opcode Fuzzy Hash: 7532d41039d670b01efd5e18e0eedf7a96c2915e42385411b3bfdcc817f35564
                                                                                                                                                                                    • Instruction Fuzzy Hash: 1FF04B32601215BBCB315FA6DC08D9BBFA9FE453A03059521B519A6920CB31F850EBD1
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • WriteConsoleW.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,00EBF865,00000000,00000001,00000000,00000000,?,00EB0D7B,?,?,00000000), ref: 00EC64B0
                                                                                                                                                                                    • GetLastError.KERNEL32(?,00EBF865,00000000,00000001,00000000,00000000,?,00EB0D7B,?,?,00000000,?,00000000,?,00EB080F,00000000), ref: 00EC64BC
                                                                                                                                                                                      • Part of subcall function 00EC6510: CloseHandle.KERNEL32(FFFFFFFE,00EC64CC,?,00EBF865,00000000,00000001,00000000,00000000,?,00EB0D7B,?,?,00000000,?,00000000), ref: 00EC6520
                                                                                                                                                                                    • ___initconout.LIBCMT ref: 00EC64CC
                                                                                                                                                                                      • Part of subcall function 00EC64EE: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000,00EC648A,00EBF852,00000000,?,00EB0D7B,?,?,00000000,?), ref: 00EC6501
                                                                                                                                                                                    • WriteConsoleW.KERNEL32(00000000,00000000,00000000,00000000,?,00EBF865,00000000,00000001,00000000,00000000,?,00EB0D7B,?,?,00000000,?), ref: 00EC64E1
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000000C.00000002.2085338172.0000000000D61000.00000020.00000001.01000000.00000014.sdmp, Offset: 00D60000, based on PE: true
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085300221.0000000000D60000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085440415.0000000000EC7000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085440415.0000000000EF5000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085512444.0000000000F10000.00000008.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085542007.0000000000F11000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085566978.0000000000F1B000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_d60000_assistant_installer.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID: 2744216297-0
                                                                                                                                                                                    • Opcode ID: af78ca7fd1a6848d0e5451309d6e31633352e122d378d882adec04d73e850ebd
                                                                                                                                                                                    • Instruction ID: e31f67f9dd2fd2202c1eb8ecfa62a8c6c6005161556c899ac563b624c11654ab
                                                                                                                                                                                    • Opcode Fuzzy Hash: af78ca7fd1a6848d0e5451309d6e31633352e122d378d882adec04d73e850ebd
                                                                                                                                                                                    • Instruction Fuzzy Hash: 22F0303610021DBBCF221FE6DC04E8A7F66FB083A0B059414FA2895530CA73C861AB91
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • SleepConditionVariableCS.KERNELBASE(?,00E9950C,00000064), ref: 00E995CA
                                                                                                                                                                                    • LeaveCriticalSection.KERNEL32(00F14FC0,?,?,00E9950C,00000064,?,?,?,00DFEFCF,00F15134,?,?,?,?,00DFEBD1,00000000), ref: 00E995D4
                                                                                                                                                                                    • WaitForSingleObjectEx.KERNEL32(?,00000000,?,00E9950C,00000064,?,?,?,00DFEFCF,00F15134,?,?,?,?,00DFEBD1,00000000), ref: 00E995E5
                                                                                                                                                                                    • EnterCriticalSection.KERNEL32(00F14FC0,?,00E9950C,00000064,?,?,?,00DFEFCF,00F15134,?,?,?,?,00DFEBD1,00000000,00000000), ref: 00E995EC
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000000C.00000002.2085338172.0000000000D61000.00000020.00000001.01000000.00000014.sdmp, Offset: 00D60000, based on PE: true
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085300221.0000000000D60000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085440415.0000000000EC7000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085440415.0000000000EF5000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085512444.0000000000F10000.00000008.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085542007.0000000000F11000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085566978.0000000000F1B000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_d60000_assistant_installer.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: CriticalSection$ConditionEnterLeaveObjectSingleSleepVariableWait
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID: 3269011525-0
                                                                                                                                                                                    • Opcode ID: 5c5a69709c9c88661f3f4de8c6c30b7cada88cef1489bc61870e16155eba090c
                                                                                                                                                                                    • Instruction ID: 2999f27b7fbbedf65c7309ef0c8ab2cbaf43e1786dd587d89e0e7e4b4015eb8a
                                                                                                                                                                                    • Opcode Fuzzy Hash: 5c5a69709c9c88661f3f4de8c6c30b7cada88cef1489bc61870e16155eba090c
                                                                                                                                                                                    • Instruction Fuzzy Hash: 60E0923154522CABCB025B94FC08FCA7F25BB89761B038014F50967260C7A1B942BBD6
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000000C.00000002.2085338172.0000000000D61000.00000020.00000001.01000000.00000014.sdmp, Offset: 00D60000, based on PE: true
• Associated: 0000000C.00000002.2085300221.0000000000D60000.00000002.00000001.01000000.00000014.sdmp
• Associated: 0000000C.00000002.2085440415.0000000000EC7000.00000002.00000001.01000000.00000014.sdmp
• Associated: 0000000C.00000002.2085440415.0000000000EF5000.00000002.00000001.01000000.00000014.sdmp
• Associated: 0000000C.00000002.2085512444.0000000000F10000.00000008.00000001.01000000.00000014.sdmp
• Associated: 0000000C.00000002.2085542007.0000000000F11000.00000004.00000001.01000000.00000014.sdmp
• Associated: 0000000C.00000002.2085566978.0000000000F1B000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_d60000_assistant_installer.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: _strlen
                                                                                                                                                                                    • String ID: ScopedBlockingCall
                                                                                                                                                                                    • API String ID: 4218353326-1243657212
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    Strings
                                                                                                                                                                                    • ScopedBlockingCallWithBaseSyncPrimitives, xrefs: 00DBAB14
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000000C.00000002.2085338172.0000000000D61000.00000020.00000001.01000000.00000014.sdmp, Offset: 00D60000, based on PE: true
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_d60000_assistant_installer.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: _strlen
                                                                                                                                                                                    • String ID: ScopedBlockingCallWithBaseSyncPrimitives
                                                                                                                                                                                    • API String ID: 4218353326-1856630658
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • CreateDirectoryW.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,?,?,?), ref: 00DC2D05
                                                                                                                                                                                    Strings
                                                                                                                                                                                    • CreateTemporaryDirInDir, xrefs: 00DC2A57
                                                                                                                                                                                    • ../../base/files/file_util_win.cc, xrefs: 00DC2A52
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000000C.00000002.2085338172.0000000000D61000.00000020.00000001.01000000.00000014.sdmp, Offset: 00D60000, based on PE: true
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_d60000_assistant_installer.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: CreateDirectory
                                                                                                                                                                                    • String ID: ../../base/files/file_util_win.cc$CreateTemporaryDirInDir
                                                                                                                                                                                    • API String ID: 4241100979-140310067
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • TryAcquireSRWLockExclusive.KERNEL32(00DADA6C,?,00DADA10,00DADA60,?,?,?,?,?,?,?,?,?), ref: 00DAD520
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000000C.00000002.2085338172.0000000000D61000.00000020.00000001.01000000.00000014.sdmp, Offset: 00D60000, based on PE: true
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_d60000_assistant_installer.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: AcquireExclusiveLock
                                                                                                                                                                                    • String ID: Y0
                                                                                                                                                                                    • API String ID: 4021432409-2000242909
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • SHAssocEnumHandlersForProtocolByApplication.SHELL32(?,00ECCEF4,00000000), ref: 00D83219
                                                                                                                                                                                    • IIDFromString.OLE32({CA635855-B44E-4541-9591-9FAA53354A53},?,FFFFFFFF), ref: 00D8338C
                                                                                                                                                                                    Strings
                                                                                                                                                                                    • {CA635855-B44E-4541-9591-9FAA53354A53}, xrefs: 00D83387
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000000C.00000002.2085338172.0000000000D61000.00000020.00000001.01000000.00000014.sdmp, Offset: 00D60000, based on PE: true
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_d60000_assistant_installer.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: ApplicationAssocEnumFromHandlersProtocolString
                                                                                                                                                                                    • String ID: {CA635855-B44E-4541-9591-9FAA53354A53}
                                                                                                                                                                                    • API String ID: 1503932110-2735895030
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000000C.00000002.2085338172.0000000000D61000.00000020.00000001.01000000.00000014.sdmp, Offset: 00D60000, based on PE: true
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_d60000_assistant_installer.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: _strlen
                                                                                                                                                                                    • String ID: p$pc:%p
                                                                                                                                                                                    • API String ID: 4218353326-4094355736
                                                                                                                                                                                    • Opcode ID: 683f5321d6210ba2de6fb933372fe8ec93ee9480f4d24f0f083b1bfd08e2a7c0
                                                                                                                                                                                    • Instruction ID: e7c32f62a39306a8e8ba7aaa55b15038e04903cf82e517d888ee599099db6b3d
                                                                                                                                                                                    • Opcode Fuzzy Hash: 683f5321d6210ba2de6fb933372fe8ec93ee9480f4d24f0f083b1bfd08e2a7c0
                                                                                                                                                                                    • Instruction Fuzzy Hash: 79617FB0408340AFD701DF28C844B5BBFE4AF96324F04891EF5895B262D775D999DBA3
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • _strlen.LIBCMT ref: 00D6CD83
                                                                                                                                                                                      • Part of subcall function 00EAD9B4: IsProcessorFeaturePresent.KERNEL32(00000017,00EB6F16,?,00EAC03F,?,?,?,00000000,?,?,00D6CEDF,?,?,?,00D9EE62,?), ref: 00EAD9D0
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000000C.00000002.2085338172.0000000000D61000.00000020.00000001.01000000.00000014.sdmp, Offset: 00D60000, based on PE: true
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: FeaturePresentProcessor_strlen
                                                                                                                                                                                    • String ID: ... (message truncated)$[%s : %d] RAW:
                                                                                                                                                                                    • API String ID: 2631407230-3262997248
                                                                                                                                                                                    • Opcode ID: dd6a2eefcfe2740061927a6a0ac089be6ce0891bb95f95562f4bc3f4ff2ba558
                                                                                                                                                                                    • Instruction ID: cb483c4e8bc745541aed30f46823a698e4a3e0e45ab62c9778935c71201e9579
                                                                                                                                                                                    • Opcode Fuzzy Hash: dd6a2eefcfe2740061927a6a0ac089be6ce0891bb95f95562f4bc3f4ff2ba558
                                                                                                                                                                                    • Instruction Fuzzy Hash: BD51F872A01219AFDF14EF64DC81EEB7BB9EF45314F044069F909A7251DB319A15CBB0
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • ShellExecuteExW.SHELL32(?), ref: 00D81BDB
                                                                                                                                                                                    Strings
                                                                                                                                                                                    • RunElevatedProcess, xrefs: 00D81BBE
                                                                                                                                                                                    • ../../opera/desktop/windows/os_operations/os_operations_impl.cc, xrefs: 00D81BB9
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000000C.00000002.2085338172.0000000000D61000.00000020.00000001.01000000.00000014.sdmp, Offset: 00D60000, based on PE: true
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: ExecuteShell
                                                                                                                                                                                    • String ID: ../../opera/desktop/windows/os_operations/os_operations_impl.cc$RunElevatedProcess
                                                                                                                                                                                    • API String ID: 587946157-422436730
                                                                                                                                                                                    • Opcode ID: 4fead2f8a9cb0a4a6f46542a98e02dbc29b8abea5f34efe7ac7ae57269a152f2
                                                                                                                                                                                    • Instruction ID: dac98ff48b5d3b8c5e0fb155d9caf9800a86db79f263dcd769bfba885334f1bd
                                                                                                                                                                                    • Opcode Fuzzy Hash: 4fead2f8a9cb0a4a6f46542a98e02dbc29b8abea5f34efe7ac7ae57269a152f2
                                                                                                                                                                                    • Instruction Fuzzy Hash: 454171B5900B419FD7219F34C885AA2F7E8FF99310F008A1EE9DA97641E770F519CB91
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • _strlen.LIBCMT ref: 00E02F5F
                                                                                                                                                                                    • _strlen.LIBCMT ref: 00E02F95
                                                                                                                                                                                      • Part of subcall function 00E448D0: EventUnregister.ADVAPI32(?,?,00000000,?,00E02F09,Google.Chrome,00ED8194,00E02FF0,00000000), ref: 00E448E4
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000000C.00000002.2085338172.0000000000D61000.00000020.00000001.01000000.00000014.sdmp, Offset: 00D60000, based on PE: true
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: _strlen$EventUnregister
                                                                                                                                                                                    • String ID: Google.Chrome
                                                                                                                                                                                    • API String ID: 303537305-2537414952
                                                                                                                                                                                    • Opcode ID: 2ee1d7dc6341c52d7d36bd2fa3564002997c929f66069354c49e3aae27e5855b
                                                                                                                                                                                    • Instruction ID: e4ebb91f42f28f2263deb36f1c7738951804f1f06697f6f94705f05bc17ec3f5
                                                                                                                                                                                    • Opcode Fuzzy Hash: 2ee1d7dc6341c52d7d36bd2fa3564002997c929f66069354c49e3aae27e5855b
                                                                                                                                                                                    • Instruction Fuzzy Hash: 90413EB1E012189FDB04DF94D881BDEBBF4EF48314F14906AE505BB382DB759946CBA1
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • GetModuleFileNameW.KERNEL32(00000000,?,00000104), ref: 00E53CE3
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000000C.00000002.2085338172.0000000000D61000.00000020.00000001.01000000.00000014.sdmp, Offset: 00D60000, based on PE: true
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: FileModuleName
                                                                                                                                                                                    • String ID: ../../third_party/crashpad/crashpad/util/misc/paths_win.cc$GetModuleFileName
                                                                                                                                                                                    • API String ID: 514040917-3182889293
                                                                                                                                                                                    • Opcode ID: 62c56477c5dfdf7226078609c2f8c8dabc8292d66111bc006428b1f2fa7ce47a
                                                                                                                                                                                    • Instruction ID: c93789ddc6939277f7cd92d7a74c3f30007a51b07429f031ee19c79a305c62ea
                                                                                                                                                                                    • Opcode Fuzzy Hash: 62c56477c5dfdf7226078609c2f8c8dabc8292d66111bc006428b1f2fa7ce47a
                                                                                                                                                                                    • Instruction Fuzzy Hash: 3031DF31B4031C66EB606A609C4BFFE7279DB51B54F001469FA0A7B1C3EBB19B4986B1
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                      • Part of subcall function 00D8051B: GetCurrentProcess.KERNEL32(?,?,?,?,?,?,?,?,00D8043C,SeTakeOwnershipPrivilege), ref: 00D8053C
                                                                                                                                                                                      • Part of subcall function 00D8051B: OpenProcessToken.ADVAPI32(00000000,00000020,?,?,?,?,?,?,?,?,?,00D8043C,SeTakeOwnershipPrivilege), ref: 00D80546
                                                                                                                                                                                      • Part of subcall function 00D8051B: LookupPrivilegeValueW.ADVAPI32(00000000,?,?), ref: 00D80577
                                                                                                                                                                                      • Part of subcall function 00D8051B: AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000,?,?,?,?,?,?,?,?,00D8043C,SeTakeOwnershipPrivilege), ref: 00D805A9
                                                                                                                                                                                      • Part of subcall function 00D8051B: GetLastError.KERNEL32(?,?,?,?,?,?,?,?,00D8043C,SeTakeOwnershipPrivilege), ref: 00D805B3
                                                                                                                                                                                    • SetNamedSecurityInfoW.ADVAPI32(?,?,00000001,00000000,00000000,00000000,00000000,SeTakeOwnershipPrivilege), ref: 00D80489
                                                                                                                                                                                    • LocalFree.KERNEL32(?,SeTakeOwnershipPrivilege), ref: 00D804D2
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000000C.00000002.2085338172.0000000000D61000.00000020.00000001.01000000.00000014.sdmp, Offset: 00D60000, based on PE: true
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: ProcessToken$AdjustCurrentErrorFreeInfoLastLocalLookupNamedOpenPrivilegePrivilegesSecurityValue
                                                                                                                                                                                    • String ID: SeTakeOwnershipPrivilege
                                                                                                                                                                                    • API String ID: 3132948474-3375656754
                                                                                                                                                                                    • Opcode ID: 28fb93d3c92a9ac6911ad23060597b719099be95d0c0596182fe2fc2c6a50f8b
                                                                                                                                                                                    • Instruction ID: 79cf9611145d729095c285e81303e0eab53a0687e09a52d5806e247171ccef71
                                                                                                                                                                                    • Opcode Fuzzy Hash: 28fb93d3c92a9ac6911ad23060597b719099be95d0c0596182fe2fc2c6a50f8b
                                                                                                                                                                                    • Instruction Fuzzy Hash: 0531E870F002199BDF51BBA4CC42A7FBB65EF44310F048029FD56A7286CB75690A97F1
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000000C.00000002.2085338172.0000000000D61000.00000020.00000001.01000000.00000014.sdmp, Offset: 00D60000, based on PE: true
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085300221.0000000000D60000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085440415.0000000000EC7000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085440415.0000000000EF5000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085512444.0000000000F10000.00000008.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085542007.0000000000F11000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085566978.0000000000F1B000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_d60000_assistant_installer.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: __floor_pentium4
                                                                                                                                                                                    • String ID: 3333$3333
                                                                                                                                                                                    • API String ID: 4168288129-1524365199
                                                                                                                                                                                    • Opcode ID: b329f60c98ccf79729f683c45fd273e5abceec77262bfd3bb48e7fb20d0a8b66
                                                                                                                                                                                    • Instruction ID: 90e6a65a1f27f1a52e985ef34e73d6b02fb13edff0dd99ed036c20fd76537b21
                                                                                                                                                                                    • Opcode Fuzzy Hash: b329f60c98ccf79729f683c45fd273e5abceec77262bfd3bb48e7fb20d0a8b66
                                                                                                                                                                                    • Instruction Fuzzy Hash: 8E215933B146080BC715AA3EC85212EF3E6DF9635075CCB3AE48AE7281FB31E4858661
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000000C.00000002.2085338172.0000000000D61000.00000020.00000001.01000000.00000014.sdmp, Offset: 00D60000, based on PE: true
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085300221.0000000000D60000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085440415.0000000000EC7000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085440415.0000000000EF5000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085512444.0000000000F10000.00000008.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085542007.0000000000F11000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085566978.0000000000F1B000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_d60000_assistant_installer.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: __floor_pentium4
                                                                                                                                                                                    • String ID: 3333$3333
                                                                                                                                                                                    • API String ID: 4168288129-1524365199
                                                                                                                                                                                    • Opcode ID: b329f60c98ccf79729f683c45fd273e5abceec77262bfd3bb48e7fb20d0a8b66
                                                                                                                                                                                    • Instruction ID: 973b3548809ff5d14ef7cc4e3640d04eff132fc17880b5bec327662f1cfbe522
                                                                                                                                                                                    • Opcode Fuzzy Hash: b329f60c98ccf79729f683c45fd273e5abceec77262bfd3bb48e7fb20d0a8b66
                                                                                                                                                                                    • Instruction Fuzzy Hash: 3C212972B14A094BC705EB3ED84212EE3E5EF9535071DCB3AE446E7241EB31D4958A51
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • GetFileAttributesExW.KERNEL32(?,00000000,?), ref: 00DC30CF
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000000C.00000002.2085338172.0000000000D61000.00000020.00000001.01000000.00000014.sdmp, Offset: 00D60000, based on PE: true
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085300221.0000000000D60000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085440415.0000000000EC7000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085440415.0000000000EF5000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085512444.0000000000F10000.00000008.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085542007.0000000000F11000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085566978.0000000000F1B000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_d60000_assistant_installer.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: AttributesFile
                                                                                                                                                                                    • String ID: ../../base/files/file_util_win.cc$GetFileInfo
                                                                                                                                                                                    • API String ID: 3188754299-477665002
                                                                                                                                                                                    • Opcode ID: ff074a02738a1244bd54bec92f908b86c6df9cc095451d723c39f08eb4dbbceb
                                                                                                                                                                                    • Instruction ID: 5af0dcb7b4ee74c0723b962f6b4f4dfaa14e6b2324611228cef3497ab78de800
                                                                                                                                                                                    • Opcode Fuzzy Hash: ff074a02738a1244bd54bec92f908b86c6df9cc095451d723c39f08eb4dbbceb
                                                                                                                                                                                    • Instruction Fuzzy Hash: 4331B072908B86ABC3118F24C841A5BF7B4FFDA360F104B1DF9D427291EB70D6958B92
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 00D7F492
                                                                                                                                                                                      • Part of subcall function 00D7FADF: FormatMessageA.KERNEL32(00001200,00000000,?,00000409,?,00000100,00000000), ref: 00D7FB23
                                                                                                                                                                                      • Part of subcall function 00D7FADF: _strlen.LIBCMT ref: 00D7FB47
                                                                                                                                                                                    Strings
                                                                                                                                                                                    • Unexpected result when waiting for elevated process: , xrefs: 00D7F4EA
                                                                                                                                                                                    • Failed wait for the elevated process: , xrefs: 00D7F4C4
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000000C.00000002.2085338172.0000000000D61000.00000020.00000001.01000000.00000014.sdmp, Offset: 00D60000, based on PE: true
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085300221.0000000000D60000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085440415.0000000000EC7000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085440415.0000000000EF5000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085512444.0000000000F10000.00000008.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085542007.0000000000F11000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085566978.0000000000F1B000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_d60000_assistant_installer.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: FormatMessageObjectSingleWait_strlen
                                                                                                                                                                                    • String ID: Failed wait for the elevated process: $Unexpected result when waiting for elevated process:
                                                                                                                                                                                    • API String ID: 2759725772-2013727604
                                                                                                                                                                                    • Opcode ID: c3a786253d09056e51a8170802098ab208464eb52d7bb70fa017b577899757ed
                                                                                                                                                                                    • Instruction ID: 4967272664e8cd7429b09b8f206e8fed75be9fdec82488a61ba1b6f175228137
                                                                                                                                                                                    • Opcode Fuzzy Hash: c3a786253d09056e51a8170802098ab208464eb52d7bb70fa017b577899757ed
                                                                                                                                                                                    • Instruction Fuzzy Hash: 6D31F6B1904300AFCB119F28CC8595BBBE8EF95314F04C12DF45E5B262E731D905D762
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • CreateWindowExW.USER32 ref: 00E5E743
                                                                                                                                                                                      • Part of subcall function 00E5E4D0: RegisterClassExW.USER32(00000030), ref: 00E5E536
                                                                                                                                                                                    Strings
                                                                                                                                                                                    • Failed to create a message-only window, xrefs: 00E5E784
                                                                                                                                                                                    • ../../base/win/message_window.cc, xrefs: 00E5E772
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000000C.00000002.2085338172.0000000000D61000.00000020.00000001.01000000.00000014.sdmp, Offset: 00D60000, based on PE: true
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085300221.0000000000D60000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085440415.0000000000EC7000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085440415.0000000000EF5000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085512444.0000000000F10000.00000008.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085542007.0000000000F11000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085566978.0000000000F1B000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_d60000_assistant_installer.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: ClassCreateRegisterWindow
                                                                                                                                                                                    • String ID: ../../base/win/message_window.cc$Failed to create a message-only window
                                                                                                                                                                                    • API String ID: 3469048531-3362469768
                                                                                                                                                                                    • Opcode ID: 2b43e8ed487e1258c99ccd303cbcd7ab459e3a7e03c2647493b782a3885dcd08
                                                                                                                                                                                    • Instruction ID: 7a65805e7053d8b1d128f9592e7626404723f245d11265e6289b883ddcfccce2
                                                                                                                                                                                    • Opcode Fuzzy Hash: 2b43e8ed487e1258c99ccd303cbcd7ab459e3a7e03c2647493b782a3885dcd08
                                                                                                                                                                                    • Instruction Fuzzy Hash: 9B31F970A043049BD714EF648846B6EB7A5EFC9714F40882EFC546B382D774AA448B72
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • GetFileAttributesW.KERNEL32(?), ref: 00E59002
                                                                                                                                                                                    Strings
                                                                                                                                                                                    • GetFileAttributes , xrefs: 00E59061
                                                                                                                                                                                    • ../../third_party/crashpad/crashpad/util/file/filesystem_win.cc, xrefs: 00E5904F
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000000C.00000002.2085338172.0000000000D61000.00000020.00000001.01000000.00000014.sdmp, Offset: 00D60000, based on PE: true
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085300221.0000000000D60000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085440415.0000000000EC7000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085440415.0000000000EF5000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085512444.0000000000F10000.00000008.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085542007.0000000000F11000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085566978.0000000000F1B000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_d60000_assistant_installer.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: AttributesFile
                                                                                                                                                                                    • String ID: ../../third_party/crashpad/crashpad/util/file/filesystem_win.cc$GetFileAttributes
                                                                                                                                                                                    • API String ID: 3188754299-264061613
                                                                                                                                                                                    • Opcode ID: b12f7f03eb2f63f685030dcddf4745e8f025c95f75a9f90ad2897459cfbb3f6d
                                                                                                                                                                                    • Instruction ID: 06aa85a1d1b6d19dea15c57083104a253fdc93eebe12e5f0683905c3846296c5
                                                                                                                                                                                    • Opcode Fuzzy Hash: b12f7f03eb2f63f685030dcddf4745e8f025c95f75a9f90ad2897459cfbb3f6d
                                                                                                                                                                                    • Instruction Fuzzy Hash: 2D210A70A00218ABEB10AB64DC86FEAB768EF05314F444865FD59B71C3E731AE5D8B71
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    Strings
                                                                                                                                                                                    • CreateFile , xrefs: 00E5A69C
                                                                                                                                                                                    • ../../third_party/crashpad/crashpad/util/file/file_io_win.cc, xrefs: 00E5A68A
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000000C.00000002.2085338172.0000000000D61000.00000020.00000001.01000000.00000014.sdmp, Offset: 00D60000, based on PE: true
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085300221.0000000000D60000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085440415.0000000000EC7000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085440415.0000000000EF5000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085512444.0000000000F10000.00000008.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085542007.0000000000F11000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085566978.0000000000F1B000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_d60000_assistant_installer.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: CreateFile
                                                                                                                                                                                    • String ID: ../../third_party/crashpad/crashpad/util/file/file_io_win.cc$CreateFile
                                                                                                                                                                                    • API String ID: 823142352-2196637939
                                                                                                                                                                                    • Opcode ID: 2247773a276feb2c350f257ce8bd86f188be71b291fa1ede6a6e5084c0fcc36c
                                                                                                                                                                                    • Instruction ID: 3278d569141ef38da961db05a8dc5cf5c515fb498632bdf455eaa49b70f234bb
                                                                                                                                                                                    • Opcode Fuzzy Hash: 2247773a276feb2c350f257ce8bd86f188be71b291fa1ede6a6e5084c0fcc36c
                                                                                                                                                                                    • Instruction Fuzzy Hash: 5621DC709002289BEB10AF24DC41FAAB7B4EF55314F0445A9F9486B182E7305E48CB72
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • GetCurrentDirectoryW.KERNEL32(00000104,?), ref: 00DC344F
                                                                                                                                                                                    Strings
                                                                                                                                                                                    • ../../base/files/file_util_win.cc, xrefs: 00DC340C
                                                                                                                                                                                    • GetCurrentDirectoryW, xrefs: 00DC3411
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000000C.00000002.2085338172.0000000000D61000.00000020.00000001.01000000.00000014.sdmp, Offset: 00D60000, based on PE: true
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085300221.0000000000D60000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085440415.0000000000EC7000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085440415.0000000000EF5000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085512444.0000000000F10000.00000008.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085542007.0000000000F11000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085566978.0000000000F1B000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_d60000_assistant_installer.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: CurrentDirectory
                                                                                                                                                                                    • String ID: ../../base/files/file_util_win.cc$GetCurrentDirectoryW
                                                                                                                                                                                    • API String ID: 1611563598-109067590
                                                                                                                                                                                    • Opcode ID: 1fef8f4e2b913847b9854d4795c63c969947d343e27d7e78937c3a29bf65bd36
                                                                                                                                                                                    • Instruction ID: 0a64d2568e2b097632f5b15a27bf9756fc8029825bc490ee5cb294ccc293a2b1
                                                                                                                                                                                    • Opcode Fuzzy Hash: 1fef8f4e2b913847b9854d4795c63c969947d343e27d7e78937c3a29bf65bd36
                                                                                                                                                                                    • Instruction Fuzzy Hash: 63210931608385ABD710AB24CC859BFB3A4EFC6764F00072DF4D5572C1EBB49945C6A3
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • LockFileEx.KERNEL32(00000000,8408C483,00000000,-00000001,-00000001,?), ref: 00E5A96B
                                                                                                                                                                                    Strings
                                                                                                                                                                                    • ../../third_party/crashpad/crashpad/util/file/file_io_win.cc, xrefs: 00E5A998
                                                                                                                                                                                    • LockFileEx, xrefs: 00E5A9A8
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000000C.00000002.2085338172.0000000000D61000.00000020.00000001.01000000.00000014.sdmp, Offset: 00D60000, based on PE: true
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085300221.0000000000D60000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085440415.0000000000EC7000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085440415.0000000000EF5000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085512444.0000000000F10000.00000008.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085542007.0000000000F11000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085566978.0000000000F1B000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_d60000_assistant_installer.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: FileLock
                                                                                                                                                                                    • String ID: ../../third_party/crashpad/crashpad/util/file/file_io_win.cc$LockFileEx
                                                                                                                                                                                    • API String ID: 3169042693-1251665049
                                                                                                                                                                                    • Opcode ID: 9716bc426398336a5d70cb0e38e0e6603694c52d8c5f7b705834afd95834487c
                                                                                                                                                                                    • Instruction ID: 2432e5a846e3ecbf60e2da08d35d6a5308357084f2704bb0cd3e34e6c7a86da2
                                                                                                                                                                                    • Opcode Fuzzy Hash: 9716bc426398336a5d70cb0e38e0e6603694c52d8c5f7b705834afd95834487c
                                                                                                                                                                                    • Instruction Fuzzy Hash: 29115C31A0035477E7209B259C46FAB77ADEFC5720F058629FC4567282EB30990582B2
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • WaitForSingleObject.KERNEL32(?,000000FF), ref: 00E20802
                                                                                                                                                                                    Strings
                                                                                                                                                                                    • ../../base/synchronization/waitable_event_win.cc, xrefs: 00E207C5
                                                                                                                                                                                    • Wait, xrefs: 00E207CA
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000000C.00000002.2085338172.0000000000D61000.00000020.00000001.01000000.00000014.sdmp, Offset: 00D60000, based on PE: true
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085300221.0000000000D60000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085440415.0000000000EC7000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085440415.0000000000EF5000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085512444.0000000000F10000.00000008.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085542007.0000000000F11000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085566978.0000000000F1B000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_d60000_assistant_installer.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: ObjectSingleWait
                                                                                                                                                                                    • String ID: ../../base/synchronization/waitable_event_win.cc$Wait
                                                                                                                                                                                    • API String ID: 24740636-241924016
                                                                                                                                                                                    • Opcode ID: 3db0e1542c830592e637d69ad3498a23d23070e963fb91dd54f20627df187adb
                                                                                                                                                                                    • Instruction ID: 3923724b9a6a590658fc12d8153442e2db8e2956e481d41015ac4d0ea77fd44b
                                                                                                                                                                                    • Opcode Fuzzy Hash: 3db0e1542c830592e637d69ad3498a23d23070e963fb91dd54f20627df187adb
                                                                                                                                                                                    • Instruction Fuzzy Hash: 972160314083C19AE315EB28C846BABFBD4AFD6324F540A1DF4D4165D2DBE49A89C7E3
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • UnlockFileEx.KERNEL32(00E283D0,00000000,-00000001,-00000001,?), ref: 00E5AA15
                                                                                                                                                                                    Strings
                                                                                                                                                                                    • ../../third_party/crashpad/crashpad/util/file/file_io_win.cc, xrefs: 00E5AA42
                                                                                                                                                                                    • UnlockFileEx, xrefs: 00E5AA52
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000000C.00000002.2085338172.0000000000D61000.00000020.00000001.01000000.00000014.sdmp, Offset: 00D60000, based on PE: true
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085300221.0000000000D60000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085440415.0000000000EC7000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085440415.0000000000EF5000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085512444.0000000000F10000.00000008.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085542007.0000000000F11000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085566978.0000000000F1B000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_d60000_assistant_installer.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: FileUnlock
                                                                                                                                                                                    • String ID: ../../third_party/crashpad/crashpad/util/file/file_io_win.cc$UnlockFileEx
                                                                                                                                                                                    • API String ID: 45017762-3846138344
                                                                                                                                                                                    • Opcode ID: c24b5d3f312051ab5cf2fd4514d8c5d69731c98913bac07f77ab082720058963
                                                                                                                                                                                    • Instruction ID: 3b2f2d0ebd61ab31912fcbd03d6dfcf6f8c97413d1d546c3583cf16ac5cd079f
                                                                                                                                                                                    • Opcode Fuzzy Hash: c24b5d3f312051ab5cf2fd4514d8c5d69731c98913bac07f77ab082720058963
                                                                                                                                                                                    • Instruction Fuzzy Hash: EB114872A1031467E724AB649C07FABB75DDFC4760F00462AFC496B282EB70994882B2
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • MoveFileExW.KERNEL32(00D7641A,00000000,00000004,?,00000000), ref: 00DC1AA0
                                                                                                                                                                                    Strings
                                                                                                                                                                                    • DeleteFileAfterReboot, xrefs: 00DC1A6C
                                                                                                                                                                                    • ../../base/files/file_util_win.cc, xrefs: 00DC1A67
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000000C.00000002.2085338172.0000000000D61000.00000020.00000001.01000000.00000014.sdmp, Offset: 00D60000, based on PE: true
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085300221.0000000000D60000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085440415.0000000000EC7000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085440415.0000000000EF5000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085512444.0000000000F10000.00000008.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085542007.0000000000F11000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085566978.0000000000F1B000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_d60000_assistant_installer.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: FileMove
                                                                                                                                                                                    • String ID: ../../base/files/file_util_win.cc$DeleteFileAfterReboot
                                                                                                                                                                                    • API String ID: 3562171763-3643015445
                                                                                                                                                                                    • Opcode ID: 3e7a6e0163e2ac7de1e98a694ee91358f3ca9961442c7b563405bec00840af9e
                                                                                                                                                                                    • Instruction ID: 19469169d65cca99a5c4ed24417d93b99f37ca83a64a9e05930324288febf74b
                                                                                                                                                                                    • Opcode Fuzzy Hash: 3e7a6e0163e2ac7de1e98a694ee91358f3ca9961442c7b563405bec00840af9e
                                                                                                                                                                                    • Instruction Fuzzy Hash: AD11E331A14381ABD3209F288C82B6AB3A8EFC6730F10471EF6E1571C1DBB1A5468692
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • GetForegroundWindow.USER32 ref: 00D7DA95
                                                                                                                                                                                    Strings
                                                                                                                                                                                    • ../../opera/desktop/chrome_imports/chrome/browser/win/settings_app_monitor.cc, xrefs: 00D7DAD3
                                                                                                                                                                                    • OnInitialized, xrefs: 00D7DAD8
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000000C.00000002.2085338172.0000000000D61000.00000020.00000001.01000000.00000014.sdmp, Offset: 00D60000, based on PE: true
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085300221.0000000000D60000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085440415.0000000000EC7000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085440415.0000000000EF5000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085512444.0000000000F10000.00000008.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085542007.0000000000F11000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085566978.0000000000F1B000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_d60000_assistant_installer.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: ForegroundWindow
                                                                                                                                                                                    • String ID: ../../opera/desktop/chrome_imports/chrome/browser/win/settings_app_monitor.cc$OnInitialized
                                                                                                                                                                                    • API String ID: 2020703349-173421485
                                                                                                                                                                                    • Opcode ID: 3f97d1b7c81eb5142d4ac397ccd727121e41dd4e18068f9f7572d02188816f60
                                                                                                                                                                                    • Instruction ID: d2e4b58044ce47ce1a1245820a7ba853f27394fddbe3880622e056961b50e6a6
                                                                                                                                                                                    • Opcode Fuzzy Hash: 3f97d1b7c81eb5142d4ac397ccd727121e41dd4e18068f9f7572d02188816f60
                                                                                                                                                                                    • Instruction Fuzzy Hash: 9B017571E00218AFCB10EF989D468EFBBB8EF49710B44446AE91977242E77169158BF2
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • __Init_thread_header.LIBCMT ref: 00D9E544
                                                                                                                                                                                    • __Init_thread_footer.LIBCMT ref: 00D9E57D
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000000C.00000002.2085338172.0000000000D61000.00000020.00000001.01000000.00000014.sdmp, Offset: 00D60000, based on PE: true
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085300221.0000000000D60000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085440415.0000000000EC7000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085440415.0000000000EF5000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085512444.0000000000F10000.00000008.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085542007.0000000000F11000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085566978.0000000000F1B000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_d60000_assistant_installer.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: Init_thread_footerInit_thread_header
                                                                                                                                                                                    • String ID: %m/%d/%y
                                                                                                                                                                                    • API String ID: 4092853384-2272391455
                                                                                                                                                                                    • Opcode ID: 1c57ed1cf730fb3d7d6e3f4ad5f1c127954cf6fac0e2fdf03c87ccee27dec4ad
                                                                                                                                                                                    • Instruction ID: 9f256dfc22869fe713919f83eba6a7624a0c863f1ebfcc563683d0fdf80245f6
                                                                                                                                                                                    • Opcode Fuzzy Hash: 1c57ed1cf730fb3d7d6e3f4ad5f1c127954cf6fac0e2fdf03c87ccee27dec4ad
                                                                                                                                                                                    • Instruction Fuzzy Hash: 5601CCB2900605CFEB10EF58E846BA9B7B4FB44724F01826AF41947386E331A945DAA2
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • __Init_thread_header.LIBCMT ref: 00D9E464
                                                                                                                                                                                    • __Init_thread_footer.LIBCMT ref: 00D9E49D
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000000C.00000002.2085338172.0000000000D61000.00000020.00000001.01000000.00000014.sdmp, Offset: 00D60000, based on PE: true
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085300221.0000000000D60000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085440415.0000000000EC7000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085440415.0000000000EF5000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085512444.0000000000F10000.00000008.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085542007.0000000000F11000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085566978.0000000000F1B000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_d60000_assistant_installer.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: Init_thread_footerInit_thread_header
                                                                                                                                                                                    • String ID: %m/%d/%y
                                                                                                                                                                                    • API String ID: 4092853384-2272391455
                                                                                                                                                                                    • Opcode ID: 9d7236373e2bd224695ce05da943126fd6d805422055a83b600b38af4c93f8cc
                                                                                                                                                                                    • Instruction ID: ca87c6af212fe29616a00bae053fcf703b939ec3f957a4c776a32fe2c357470a
                                                                                                                                                                                    • Opcode Fuzzy Hash: 9d7236373e2bd224695ce05da943126fd6d805422055a83b600b38af4c93f8cc
                                                                                                                                                                                    • Instruction Fuzzy Hash: 2101C0B2A01704CFDB10EF5CE84AB95B7F0FB40730F058269E51987382D331A9019AA2
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • __Init_thread_header.LIBCMT ref: 00D9E624
                                                                                                                                                                                    • __Init_thread_footer.LIBCMT ref: 00D9E65D
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000000C.00000002.2085338172.0000000000D61000.00000020.00000001.01000000.00000014.sdmp, Offset: 00D60000, based on PE: true
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085300221.0000000000D60000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085440415.0000000000EC7000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085440415.0000000000EF5000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085512444.0000000000F10000.00000008.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085542007.0000000000F11000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085566978.0000000000F1B000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_d60000_assistant_installer.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: Init_thread_footerInit_thread_header
                                                                                                                                                                                    • String ID: %H:%M:%S
                                                                                                                                                                                    • API String ID: 4092853384-1434664181
                                                                                                                                                                                    • Opcode ID: 6be78d4027800b7a0b603401e273eb06b4e90945aea529b341f4504d8117ea36
                                                                                                                                                                                    • Instruction ID: 7f7ef0c92bf23690dcff85829993e502d3b01643c0b2fbbbd6d797b1836f065c
                                                                                                                                                                                    • Opcode Fuzzy Hash: 6be78d4027800b7a0b603401e273eb06b4e90945aea529b341f4504d8117ea36
                                                                                                                                                                                    • Instruction Fuzzy Hash: 3E01D2B2900700CFDB10EF5CD84AB99B7B4FB81734F018579F51557382D331A9029AA2
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • __Init_thread_header.LIBCMT ref: 00D9E704
                                                                                                                                                                                    • __Init_thread_footer.LIBCMT ref: 00D9E73D
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000000C.00000002.2085338172.0000000000D61000.00000020.00000001.01000000.00000014.sdmp, Offset: 00D60000, based on PE: true
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085300221.0000000000D60000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085440415.0000000000EC7000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085440415.0000000000EF5000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085512444.0000000000F10000.00000008.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085542007.0000000000F11000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085566978.0000000000F1B000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_d60000_assistant_installer.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: Init_thread_footerInit_thread_header
                                                                                                                                                                                    • String ID: %H:%M:%S
                                                                                                                                                                                    • API String ID: 4092853384-1434664181
                                                                                                                                                                                    • Opcode ID: c50e2aa75f6e7aacb5a90febf30c6c5d09963761d6b0e882b1ccdd91dfde1bf1
                                                                                                                                                                                    • Instruction ID: c7286b7aa5c7bd6cd27d3ca673455f8b31a74bb776a516478f2c1495cc39a266
                                                                                                                                                                                    • Opcode Fuzzy Hash: c50e2aa75f6e7aacb5a90febf30c6c5d09963761d6b0e882b1ccdd91dfde1bf1
                                                                                                                                                                                    • Instruction Fuzzy Hash: 0D01D2B2A00644CFDB10EF5CD946BA9B7B0FB44B30F008579F4155B782D331A915DBA2
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • __Init_thread_header.LIBCMT ref: 00D9E7E4
                                                                                                                                                                                    • __Init_thread_footer.LIBCMT ref: 00D9E81D
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000000C.00000002.2085338172.0000000000D61000.00000020.00000001.01000000.00000014.sdmp, Offset: 00D60000, based on PE: true
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085300221.0000000000D60000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085440415.0000000000EC7000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085440415.0000000000EF5000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085512444.0000000000F10000.00000008.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085542007.0000000000F11000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085566978.0000000000F1B000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_d60000_assistant_installer.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: Init_thread_footerInit_thread_header
                                                                                                                                                                                    • String ID: %a %b %d %H:%M:%S %Y
                                                                                                                                                                                    • API String ID: 4092853384-1318879718
                                                                                                                                                                                    • Opcode ID: a7556e7b63430439b0a9ac0ba75b331ad2c11fba0bd820bb4b2961dd5abfe7fb
                                                                                                                                                                                    • Instruction ID: 68c04cb52b1501013574766a5deaf427d0b2bee88107ca2dce872289cece5cac
                                                                                                                                                                                    • Opcode Fuzzy Hash: a7556e7b63430439b0a9ac0ba75b331ad2c11fba0bd820bb4b2961dd5abfe7fb
                                                                                                                                                                                    • Instruction Fuzzy Hash: 1601C0B29006049FCB10EF98D846BA5B7A8F745B30F00867AE41547382D332A941BAA2
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • __Init_thread_header.LIBCMT ref: 00D9E8C4
                                                                                                                                                                                    • __Init_thread_footer.LIBCMT ref: 00D9E8FD
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000000C.00000002.2085338172.0000000000D61000.00000020.00000001.01000000.00000014.sdmp, Offset: 00D60000, based on PE: true
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085300221.0000000000D60000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085440415.0000000000EC7000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085440415.0000000000EF5000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085512444.0000000000F10000.00000008.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085542007.0000000000F11000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085566978.0000000000F1B000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_d60000_assistant_installer.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: Init_thread_footerInit_thread_header
                                                                                                                                                                                    • String ID: %a %b %d %H:%M:%S %Y
                                                                                                                                                                                    • API String ID: 4092853384-1318879718
                                                                                                                                                                                    • Opcode ID: 48e62235a88d6910e4415a04cf1ef3d54625ed73200c04692ed8834ed4d1221c
                                                                                                                                                                                    • Instruction ID: b45bacfcd85c3462b519e35192fdee97e072bddfb2fb33851191dbcd5fb8d842
                                                                                                                                                                                    • Opcode Fuzzy Hash: 48e62235a88d6910e4415a04cf1ef3d54625ed73200c04692ed8834ed4d1221c
                                                                                                                                                                                    • Instruction Fuzzy Hash: C401D2B2900744CFDB10EF9CE847BA9B7B8FB84730F04857AF41557782D331AA419AA2
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • __Init_thread_header.LIBCMT ref: 00D9E9A4
                                                                                                                                                                                    • __Init_thread_footer.LIBCMT ref: 00D9E9DD
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000000C.00000002.2085338172.0000000000D61000.00000020.00000001.01000000.00000014.sdmp, Offset: 00D60000, based on PE: true
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085300221.0000000000D60000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085440415.0000000000EC7000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085440415.0000000000EF5000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085512444.0000000000F10000.00000008.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085542007.0000000000F11000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085566978.0000000000F1B000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_d60000_assistant_installer.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: Init_thread_footerInit_thread_header
                                                                                                                                                                                    • String ID: %I:%M:%S %p
                                                                                                                                                                                    • API String ID: 4092853384-611667740
                                                                                                                                                                                    • Opcode ID: 80eb325189ba0157176585a60625e6e6c843a764168ce0bbc86898e57a528d5c
                                                                                                                                                                                    • Instruction ID: f22faec40fcdefaae4c01615d01d024597ac3b01bdf4839a08c1ccdcca5f11ad
                                                                                                                                                                                    • Opcode Fuzzy Hash: 80eb325189ba0157176585a60625e6e6c843a764168ce0bbc86898e57a528d5c
                                                                                                                                                                                    • Instruction Fuzzy Hash: 8201F5B1900748DFCB10EF5CD84ABA5BBA9F740720F418279E5194B3D2D372E940DEA2
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • __Init_thread_header.LIBCMT ref: 00D9EA84
                                                                                                                                                                                    • __Init_thread_footer.LIBCMT ref: 00D9EABD
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000000C.00000002.2085338172.0000000000D61000.00000020.00000001.01000000.00000014.sdmp, Offset: 00D60000, based on PE: true
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085300221.0000000000D60000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085440415.0000000000EC7000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085440415.0000000000EF5000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085512444.0000000000F10000.00000008.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085542007.0000000000F11000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085566978.0000000000F1B000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_d60000_assistant_installer.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: Init_thread_footerInit_thread_header
                                                                                                                                                                                    • String ID: %I:%M:%S %p
                                                                                                                                                                                    • API String ID: 4092853384-611667740
                                                                                                                                                                                    • Opcode ID: ecd947a8922bb3d09f2e342c8a4b4cf4baa1c8b16cd405e2fa64523b0e5471f1
                                                                                                                                                                                    • Instruction ID: b54b29b5677f5d536e0f1b28a4bc09873b3d198c3e6aa7d1e518485918946fc8
                                                                                                                                                                                    • Opcode Fuzzy Hash: ecd947a8922bb3d09f2e342c8a4b4cf4baa1c8b16cd405e2fa64523b0e5471f1
                                                                                                                                                                                    • Instruction Fuzzy Hash: 4401F5B1A00644CFCB10EF5CD846BA9B7A1F744B30F40857AE41567392D372AA01DAA2
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • GetCurrentProcess.KERNEL32(../../third_party/crashpad/crashpad/client/crashpad_client_win.cc,0000032C,00000002), ref: 00DDC73B
                                                                                                                                                                                      • Part of subcall function 00DDC770: Sleep.KERNEL32(00000001), ref: 00DDC795
                                                                                                                                                                                      • Part of subcall function 00DDC770: GetCurrentProcess.KERNEL32(../../third_party/crashpad/crashpad/client/crashpad_client_win.cc,000000AF,00000002), ref: 00DDC874
                                                                                                                                                                                    Strings
                                                                                                                                                                                    • not connected, xrefs: 00DDC726
                                                                                                                                                                                    • ../../third_party/crashpad/crashpad/client/crashpad_client_win.cc, xrefs: 00DDC714
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000000C.00000002.2085338172.0000000000D61000.00000020.00000001.01000000.00000014.sdmp, Offset: 00D60000, based on PE: true
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085300221.0000000000D60000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085440415.0000000000EC7000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085440415.0000000000EF5000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085512444.0000000000F10000.00000008.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085542007.0000000000F11000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085566978.0000000000F1B000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_d60000_assistant_installer.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: CurrentProcess$Sleep
                                                                                                                                                                                    • String ID: ../../third_party/crashpad/crashpad/client/crashpad_client_win.cc$not connected
                                                                                                                                                                                    • API String ID: 4112775895-3685228723
                                                                                                                                                                                    • Opcode ID: 977d47405117c626fb6a5166a079106d10639225718e6ca7f12b508ae2f8d666
                                                                                                                                                                                    • Instruction ID: d36f83519b8de7c449cf721b79fba985a93cfb197de6804998af2769cf3c22f2
                                                                                                                                                                                    • Opcode Fuzzy Hash: 977d47405117c626fb6a5166a079106d10639225718e6ca7f12b508ae2f8d666
                                                                                                                                                                                    • Instruction Fuzzy Hash: 03014921A2031877DE1077B4AC0BFAD7629DF06720F401026F5193A3D3EB315645CAB2
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • CreateThread.KERNEL32(00000000,00000000,00E68B30,00000000,00000000,00000000), ref: 00E68ADF
                                                                                                                                                                                    Strings
                                                                                                                                                                                    • ../../third_party/crashpad/crashpad/util/thread/thread_win.cc, xrefs: 00E68B01
                                                                                                                                                                                    • CreateThread, xrefs: 00E68B18
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000000C.00000002.2085338172.0000000000D61000.00000020.00000001.01000000.00000014.sdmp, Offset: 00D60000, based on PE: true
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085300221.0000000000D60000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085440415.0000000000EC7000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085440415.0000000000EF5000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085512444.0000000000F10000.00000008.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085542007.0000000000F11000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085566978.0000000000F1B000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_d60000_assistant_installer.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: CreateThread
                                                                                                                                                                                    • String ID: ../../third_party/crashpad/crashpad/util/thread/thread_win.cc$CreateThread
                                                                                                                                                                                    • API String ID: 2422867632-2064233884
                                                                                                                                                                                    • Opcode ID: 7c1a56d3ec64f8e3587af6b91311e00c99b847b72a1535cb6743475d8bb838fb
                                                                                                                                                                                    • Instruction ID: 3ad93420ece47fd01efba168d5b562d5596b071d2a4c0a669dc8ce6cfad88f7e
                                                                                                                                                                                    • Opcode Fuzzy Hash: 7c1a56d3ec64f8e3587af6b91311e00c99b847b72a1535cb6743475d8bb838fb
                                                                                                                                                                                    • Instruction Fuzzy Hash: 7BF0F0B1F403187BDA0077B86C06DBF7BAECB00700F418129FD05B7281FE60AA0446B9
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • FindClose.KERNEL32(00E59B54,00E59B54,?), ref: 00E1C818
                                                                                                                                                                                    Strings
                                                                                                                                                                                    • ../../third_party/crashpad/crashpad/util/win/scoped_handle.cc, xrefs: 00E1C837
                                                                                                                                                                                    • FindClose, xrefs: 00E1C84E
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000000C.00000002.2085338172.0000000000D61000.00000020.00000001.01000000.00000014.sdmp, Offset: 00D60000, based on PE: true
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085300221.0000000000D60000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085440415.0000000000EC7000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085440415.0000000000EF5000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085512444.0000000000F10000.00000008.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085542007.0000000000F11000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085566978.0000000000F1B000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_d60000_assistant_installer.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: CloseFind
                                                                                                                                                                                    • String ID: ../../third_party/crashpad/crashpad/util/win/scoped_handle.cc$FindClose
                                                                                                                                                                                    • API String ID: 1863332320-1337471325
                                                                                                                                                                                    • Opcode ID: f1eb3fc20832839cdcae3d39d1c107ead98164760b5cfbcab25350533fddf048
                                                                                                                                                                                    • Instruction ID: 99fc8d9a579bb2132c60cedb8efce45021d83d509b8ab65a065e9029533ba19c
                                                                                                                                                                                    • Opcode Fuzzy Hash: f1eb3fc20832839cdcae3d39d1c107ead98164760b5cfbcab25350533fddf048
                                                                                                                                                                                    • Instruction Fuzzy Hash: 14F0E971F4031C67CA047B689C47EAD772ADF41714F414029F9067B382FE206A05C3B5
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000000C.00000002.2085338172.0000000000D61000.00000020.00000001.01000000.00000014.sdmp, Offset: 00D60000, based on PE: true
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085300221.0000000000D60000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085440415.0000000000EC7000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085440415.0000000000EF5000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085512444.0000000000F10000.00000008.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085542007.0000000000F11000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085566978.0000000000F1B000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_d60000_assistant_installer.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: _strlen
                                                                                                                                                                                    • String ID: Y0$Y0
                                                                                                                                                                                    • API String ID: 4218353326-2254081220
                                                                                                                                                                                    • Opcode ID: 0c8a57356f515c5a14059db11d7488ed4535fa8de4e1faea5f8165216f174210
                                                                                                                                                                                    • Instruction ID: 726a38b8d437f323ae0f36eaa487b5c4046787b28195513a726b96f5a79587c9
                                                                                                                                                                                    • Opcode Fuzzy Hash: 0c8a57356f515c5a14059db11d7488ed4535fa8de4e1faea5f8165216f174210
                                                                                                                                                                                    • Instruction Fuzzy Hash: EBF090B69006489BDB10AF1AD885BABFFB8FF84B60F04C06AE8084B715D7344854CAF0
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • __Init_thread_header.LIBCMT ref: 00DEC37C
                                                                                                                                                                                    • __Init_thread_footer.LIBCMT ref: 00DEC3AB
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000000C.00000002.2085338172.0000000000D61000.00000020.00000001.01000000.00000014.sdmp, Offset: 00D60000, based on PE: true
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085300221.0000000000D60000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085440415.0000000000EC7000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085440415.0000000000EF5000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085512444.0000000000F10000.00000008.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085542007.0000000000F11000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085566978.0000000000F1B000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_d60000_assistant_installer.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: Init_thread_footerInit_thread_header
                                                                                                                                                                                    • String ID: dummy_histogram
                                                                                                                                                                                    • API String ID: 4092853384-2199933292
                                                                                                                                                                                    • Opcode ID: 4caa629fd09bc76593d13a0d8e168ba0b94414621679a190c1da1effbd9deee9
                                                                                                                                                                                    • Instruction ID: 042bf2e877036f1528f6fa6821a38626d70f52f5441223e7170aa384228920bb
                                                                                                                                                                                    • Opcode Fuzzy Hash: 4caa629fd09bc76593d13a0d8e168ba0b94414621679a190c1da1effbd9deee9
                                                                                                                                                                                    • Instruction Fuzzy Hash: D4F0A074240A45CBC220E7E8F852A9A3351F3CEB10B419229E49116392D731AC82AAF2
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • GetModuleHandleW.KERNEL32(00000000), ref: 00DFEB9E
                                                                                                                                                                                    • GetProcAddress.KERNEL32(00000000,GetHandleVerifier), ref: 00DFEBAA
                                                                                                                                                                                    Strings
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000000C.00000002.2085338172.0000000000D61000.00000020.00000001.01000000.00000014.sdmp, Offset: 00D60000, based on PE: true
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085300221.0000000000D60000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085440415.0000000000EC7000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085440415.0000000000EF5000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085512444.0000000000F10000.00000008.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085542007.0000000000F11000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085566978.0000000000F1B000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_d60000_assistant_installer.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: AddressHandleModuleProc
                                                                                                                                                                                    • String ID: GetHandleVerifier
                                                                                                                                                                                    • API String ID: 1646373207-1090674830
                                                                                                                                                                                    • Opcode ID: 632b9afc6306a5cb7f728dcd92b938e4e2151a996079f4d55bc949af603c0506
                                                                                                                                                                                    • Instruction ID: 662cbd6c930cd186f3793ef3756f040926abc6c20e5035ecd145af3020b62e61
                                                                                                                                                                                    • Opcode Fuzzy Hash: 632b9afc6306a5cb7f728dcd92b938e4e2151a996079f4d55bc949af603c0506
                                                                                                                                                                                    • Instruction Fuzzy Hash: FFD0173028870CB7E65057A5AC0AF353358BB04B0AF16C014F34AA51E0CAA0D500AA76
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                    APIs
                                                                                                                                                                                    • GetLastError.KERNEL32(?,00000000,?,?,00DFDAA5,?,?,?,00DC5FBB,?), ref: 00DFDB49
                                                                                                                                                                                    • SetLastError.KERNEL32(00000000), ref: 00DFDB80
                                                                                                                                                                                    • GetLastError.KERNEL32(?,00000000,?,?,00DFDAA5,?,?,?,00DC5FBB,?), ref: 00DFDB93
                                                                                                                                                                                    • SetLastError.KERNEL32(00000000), ref: 00DFDBCE
                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                    • Source File: 0000000C.00000002.2085338172.0000000000D61000.00000020.00000001.01000000.00000014.sdmp, Offset: 00D60000, based on PE: true
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085300221.0000000000D60000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085440415.0000000000EC7000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085440415.0000000000EF5000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085512444.0000000000F10000.00000008.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085542007.0000000000F11000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    • Associated: 0000000C.00000002.2085566978.0000000000F1B000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                                                                    • Snapshot File: hcaresult_12_2_d60000_assistant_installer.jbxd
                                                                                                                                                                                    Similarity
                                                                                                                                                                                    • API ID: ErrorLast
                                                                                                                                                                                    • String ID:
                                                                                                                                                                                    • API String ID: 1452528299-0
                                                                                                                                                                                    • Opcode ID: a33484d06091189dc30ba8b7979009d58164170847e7619d3d1b053fe23b4cec
                                                                                                                                                                                    • Instruction ID: 90b3308748e39d582d10292028f7ea878aab27cad8b398dece7b4d0bcd282290
                                                                                                                                                                                    • Opcode Fuzzy Hash: a33484d06091189dc30ba8b7979009d58164170847e7619d3d1b053fe23b4cec
                                                                                                                                                                                    • Instruction Fuzzy Hash: 983159712002099BDB20DF29D486B2AB7E7EB45320F26C82DE68AC7651DB35E841CB75
                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                    Uniqueness Score: -1.00%