Windows Analysis Report
ie4uinit.exe

Overview

General Information

Sample name:ie4uinit.exe
Analysis ID:1395538
MD5:054f65e18ad84a4f2d51cfe7931664d2
SHA1:f5cf003d3aa482f687a855ee0f0d65b3773d38e5
SHA256:60271fc88e8a6af9d96127b57c4f1a8e477c3c0fe580e29ff6b233e9a4ab3adc

Detection

Score:48
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Checks if browser processes are running
Contains functionality to compare user and computer (likely to detect sandboxes)
Binary contains a suspicious time stamp
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to dynamically determine API calls
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Detected potential crypto function
Found evasive API chain (date check)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
PE file contains sections with non-standard names
Program does not show much activity (idle)
Tries to load missing DLLs
Uses Microsoft's Enhanced Cryptographic Provider
Uses the system / local time for branch decision (may execute only at specific dates)

Classification

[Classification chart. Axes: Ransomware, Spreading, Phishing, Banker, Trojan / Bot, Adware, Spyware, Exploiter, Evader, Miner. Scale: clean, suspicious, malicious]
  • System is w10x64
  • ie4uinit.exe (PID: 6364 cmdline: C:\Users\user\Desktop\ie4uinit.exe MD5: 054F65E18AD84A4F2D51CFE7931664D2)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Snort rule has matched

Source: C:\Users\user\Desktop\ie4uinit.exeCode function: 0_2_00007FF674B3A604 CryptHashCertificate,memcmp,GetLastError,0_2_00007FF674B3A604
Source: C:\Users\user\Desktop\ie4uinit.exeCode function: 0_2_00007FF674B41610 CryptAcquireContextW,GetLastError,GetLastError,GetLastError,0_2_00007FF674B41610
Source: C:\Users\user\Desktop\ie4uinit.exeCode function: 0_2_00007FF674B41A34 memcpy_s,CryptCreateHash,CryptHashData,CryptDeriveKey,GetLastError,GetLastError,GetLastError,CryptDestroyHash,GetLastError,GetLastError,GetLastError,0_2_00007FF674B41A34
Source: C:\Users\user\Desktop\ie4uinit.exeCode function: 0_2_00007FF674B42178 CryptSetKeyParam,memcpy_s,CryptEncrypt,memcpy_s,CryptEncrypt,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,GetLastError,0_2_00007FF674B42178
Source: C:\Users\user\Desktop\ie4uinit.exeCode function: 0_2_00007FF674B39D90 CryptStringToBinaryW,CryptStringToBinaryW,GetLastError,GetLastError,GetLastError,GetLastError,0_2_00007FF674B39D90
Source: C:\Users\user\Desktop\ie4uinit.exeCode function: 0_2_00007FF674B41D98 memcpy_s,memcpy_s,CryptGenRandom,memcpy_s,EnterCriticalSection,LeaveCriticalSection,GetLastError,GetLastError,GetLastError,0_2_00007FF674B41D98
Source: C:\Users\user\Desktop\ie4uinit.exeCode function: 0_2_00007FF674B34570 CryptAcquireContextW,CryptReleaseContext,0_2_00007FF674B34570
Source: C:\Users\user\Desktop\ie4uinit.exeCode function: 0_2_00007FF674B34B30 CryptGenRandom,GetLastError,SysFreeString,0_2_00007FF674B34B30
Source: C:\Users\user\Desktop\ie4uinit.exeCode function: 0_2_00007FF674B39AC0 CryptCreateHash,CryptHashData,CryptGetHashParam,GetLastError,CryptDestroyHash,GetLastError,0_2_00007FF674B39AC0
Source: C:\Users\user\Desktop\ie4uinit.exeCode function: 0_2_00007FF674B3A2C0 CertOpenStore,CertFindCertificateInStore,CryptImportPublicKeyInfo,GetLastError,GetLastError,CertFreeCertificateContext,CertCloseStore,0_2_00007FF674B3A2C0
Source: C:\Users\user\Desktop\ie4uinit.exeCode function: 0_2_00007FF674B41BC0 CryptDestroyKey,CryptDestroyKey,CryptDestroyKey,CryptReleaseContext,0_2_00007FF674B41BC0
Source: C:\Users\user\Desktop\ie4uinit.exeCode function: 0_2_00007FF674B39BD8 CryptCreateHash,CryptSetHashParam,CryptVerifySignatureW,GetLastError,CryptDestroyKey,GetLastError,CryptDestroyHash,GetLastError,0_2_00007FF674B39BD8
Source: C:\Users\user\Desktop\ie4uinit.exeCode function: 0_2_00007FF674B41FDC CryptCreateHash,CryptSetHashParam,CryptHashData,CryptGetHashParam,GetLastError,GetLastError,GetLastError,CryptDestroyHash,GetLastError,GetLastError,GetLastError,0_2_00007FF674B41FDC
Source: C:\Users\user\Desktop\ie4uinit.exeCode function: 0_2_00007FF674B37B98 CryptBinaryToStringA,CryptBinaryToStringA,GetLastError,GetLastError,0_2_00007FF674B37B98
Source: C:\Users\user\Desktop\ie4uinit.exeCode function: 0_2_00007FF674B41738 CryptGenRandom,memcpy_s,CryptEncrypt,GetLastError,GetLastError,GetLastError,GetLastError,0_2_00007FF674B41738
Source: C:\Users\user\Desktop\ie4uinit.exeCode function: 0_2_00007FF674B344F8 CryptReleaseContext,0_2_00007FF674B344F8
Source: C:\Users\user\Desktop\ie4uinit.exeCode function: 0_2_00007FF674B37904 strnlen,isalnum,CryptStringToBinaryA,CryptStringToBinaryA,GetLastError,GetLastError,0_2_00007FF674B37904
Source: C:\Users\user\Desktop\ie4uinit.exeCode function: 0_2_00007FF674B418AC CryptImportPublicKeyInfo,GetLastError,GetLastError,GetLastError,CertFreeCertificateContext,CryptGetKeyParam,GetLastError,GetLastError,GetLastError,0_2_00007FF674B418AC
Source: ie4uinit.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
Source: Binary string: ie4uinit.pdbGCTL source: ie4uinit.exe
Source: Binary string: ie4uinit.pdb source: ie4uinit.exe
Source: C:\Users\user\Desktop\ie4uinit.exeCode function: 0_2_00007FF674B245D0 GetShortPathNameW,GetShortPathNameW,PathFindFileNameW,GetCurrentDirectoryW,SetCurrentDirectoryW,FindFirstFileW,CoCreateInstance,StrCmpIW,StrCmpIW,PathRemoveBlanksW,StrCmpICW,StrCmpICW,ILCreateFromPath,ILCreateFromPath,RegOpenKeyExW,StrCmpIW,RegCloseKey,ILFree,FindNextFileW,FindClose,FindFirstFileExW,lstrcmpW,lstrcmpW,FindNextFileW,FindClose,SetCurrentDirectoryW,0_2_00007FF674B245D0
Source: C:\Users\user\Desktop\ie4uinit.exeCode function: 0_2_00007FF674B2BE44 SHGetFolderPathW,SetFileAttributesW,GetLastError,SHGetFolderPathW,wcscat_s,wcscat_s,wcscat_s,FindFirstFileW,wcscat_s,FindNextFileW,FindClose,0_2_00007FF674B2BE44
Source: C:\Users\user\Desktop\ie4uinit.exeCode function: 0_2_00007FF674B24E48 SetCurrentDirectoryW,FindFirstFileW,FindNextFileW,FindClose,SetCurrentDirectoryW,0_2_00007FF674B24E48
Source: C:\Users\user\Desktop\ie4uinit.exeCode function: 0_2_00007FF674B2C400 CreateFileW,#149,CloseHandle,GetLastError,wcscpy_s,wcscat_s,FindFirstFileW,wcscat_s,FindNextFileW,FindClose,GetLastError,0_2_00007FF674B2C400
Source: C:\Users\user\Desktop\ie4uinit.exeCode function: 0_2_00007FF674B48468 FindFirstFileExW,GetLastError,FindNextFileW,GetLastError,FindClose,0_2_00007FF674B48468
Source: C:\Users\user\Desktop\ie4uinit.exeCode function: 0_2_00007FF674B39428 SysAllocString,SysStringLen,HttpSendRequestW,HttpQueryInfoW,InternetReadFile,GetLastError,SysStringByteLen,SysAllocStringByteLen,SysFreeString,GetLastError,SysFreeString,SysAllocString,SysStringByteLen,SysAllocStringByteLen,SysFreeString,0_2_00007FF674B39428
Source: ie4uinit.exeString found in binary or memory: http://www.yandex.com/favicon.ico
Source: ie4uinit.exeString found in binary or memory: https://suggest.yandex.by/suggest-ff.cgi?srv=ie11&part=
Source: ie4uinit.exeString found in binary or memory: https://suggest.yandex.com.tr/suggest-ff.cgi?srv=ie11&uil=tr&part=
Source: ie4uinit.exeString found in binary or memory: https://suggest.yandex.kz/suggest-ff.cgi?srv=ie11&part=
Source: ie4uinit.exeString found in binary or memory: https://suggest.yandex.ua/suggest-ff.cgi?srv=ie11&part=
Source: ie4uinit.exeString found in binary or memory: https://www.haosou.com/s?src=win10&ie=utf-8&q=
Source: ie4uinit.exeString found in binary or memory: https://www.sogou.com/tx?hdq=sogou-wsse-6abba5d8ab1f4f32&query=

E-Banking Fraud

Source: C:\Users\user\Desktop\ie4uinit.exeCode function: GetModuleFileNameW,_wcsicmp,_wcsicmp,_wcsicmp,_wcsicmp,_wcsicmp,_wcsicmp,_wcsicmp,_wcsicmp,_wcsicmp,_wcsicmp,_wcsicmp,_wcsicmp,_wcsicmp,_wcsicmp,_wcsicmp,_wcsicmp,StrStrIW,_wcsicmp,_wcsicmp,_wcsicmp,_wcsicmp,StrCmpICW,_wcsicmp,_wcsicmp,_wcsicmp,_wcsicmp, IEXPLORE.EXE0_2_00007FF674B49078
Source: C:\Users\user\Desktop\ie4uinit.exeCode function: GetModuleFileNameW,_wcsicmp,_wcsicmp,_wcsicmp,_wcsicmp,_wcsicmp,_wcsicmp,_wcsicmp,_wcsicmp,_wcsicmp,_wcsicmp,_wcsicmp,_wcsicmp,_wcsicmp,_wcsicmp,_wcsicmp,_wcsicmp,StrStrIW,_wcsicmp,_wcsicmp,_wcsicmp,_wcsicmp,StrCmpICW,_wcsicmp,_wcsicmp,_wcsicmp,_wcsicmp, microsoftedge.exe0_2_00007FF674B49078
Source: C:\Users\user\Desktop\ie4uinit.exeCode function: GetModuleFileNameW,_wcsicmp,_wcsicmp,_wcsicmp,_wcsicmp,_wcsicmp,_wcsicmp,_wcsicmp,_wcsicmp,_wcsicmp,_wcsicmp,_wcsicmp,_wcsicmp,_wcsicmp,_wcsicmp,_wcsicmp,_wcsicmp,StrStrIW,_wcsicmp,_wcsicmp,_wcsicmp,_wcsicmp,StrCmpICW,_wcsicmp,_wcsicmp,_wcsicmp,_wcsicmp, microsoftedgecp.exe0_2_00007FF674B49078
Source: C:\Users\user\Desktop\ie4uinit.exeCode function: GetModuleFileNameW,_wcsicmp,_wcsicmp,_wcsicmp,_wcsicmp,_wcsicmp,_wcsicmp,_wcsicmp,_wcsicmp,_wcsicmp,_wcsicmp,_wcsicmp,_wcsicmp,_wcsicmp,_wcsicmp,_wcsicmp,_wcsicmp,StrStrIW,_wcsicmp,_wcsicmp,_wcsicmp,_wcsicmp,StrCmpICW,_wcsicmp,_wcsicmp,_wcsicmp,_wcsicmp, microsoftedgebchost.exe0_2_00007FF674B49078
Source: C:\Users\user\Desktop\ie4uinit.exeCode function: GetModuleFileNameW,_wcsicmp,_wcsicmp,_wcsicmp,_wcsicmp,_wcsicmp,_wcsicmp,_wcsicmp,_wcsicmp,_wcsicmp,_wcsicmp,_wcsicmp,_wcsicmp,_wcsicmp,_wcsicmp,_wcsicmp,_wcsicmp,StrStrIW,_wcsicmp,_wcsicmp,_wcsicmp,_wcsicmp,StrCmpICW,_wcsicmp,_wcsicmp,_wcsicmp,_wcsicmp, microsoftedgedevtools.exe0_2_00007FF674B49078
Source: C:\Users\user\Desktop\ie4uinit.exeCode function: GetModuleFileNameW,_wcsicmp,_wcsicmp,_wcsicmp,_wcsicmp,_wcsicmp,_wcsicmp,_wcsicmp,_wcsicmp,_wcsicmp,_wcsicmp,_wcsicmp,_wcsicmp,_wcsicmp,_wcsicmp,_wcsicmp,_wcsicmp,StrStrIW,_wcsicmp,_wcsicmp,_wcsicmp,_wcsicmp,StrCmpICW,_wcsicmp,_wcsicmp,_wcsicmp,_wcsicmp, microsoftedgesh.exe0_2_00007FF674B49078
Source: C:\Users\user\Desktop\ie4uinit.exeCode function: 0_2_00007FF674B481E4 NtQueryLicenseValue,0_2_00007FF674B481E4
Source: C:\Users\user\Desktop\ie4uinit.exeCode function: 0_2_00007FF674B4A53C OpenGlobalizationUserSettingsKey,SHGetValueW,CharNextW,#123,GetUserDefaultLocaleName,NtClose,0_2_00007FF674B4A53C
Source: C:\Users\user\Desktop\ie4uinit.exeCode function: 0_2_00007FF674B47EBC LoadLibraryExW,GetProcAddress,NtQueryLicenseValue,FreeLibrary,NtQueryLicenseValue,0_2_00007FF674B47EBC
Source: C:\Users\user\Desktop\ie4uinit.exeCode function: String function: 00007FF674B266E8 appears 44 times
Source: C:\Users\user\Desktop\ie4uinit.exe Section loaded: ieadvpack.dll
Source: C:\Users\user\Desktop\ie4uinit.exe Section loaded: iertutil.dll
Source: C:\Users\user\Desktop\ie4uinit.exe Section loaded: iedkcs32.dll
Source: C:\Users\user\Desktop\ie4uinit.exe Section loaded: version.dll
Source: C:\Users\user\Desktop\ie4uinit.exe Section loaded: urlmon.dll
Source: C:\Users\user\Desktop\ie4uinit.exe Section loaded: wininet.dll
Source: C:\Users\user\Desktop\ie4uinit.exe Section loaded: slc.dll
Source: C:\Users\user\Desktop\ie4uinit.exe Section loaded: netapi32.dll
Source: C:\Users\user\Desktop\ie4uinit.exe Section loaded: version.dll
Source: C:\Users\user\Desktop\ie4uinit.exe Section loaded: mlang.dll
Source: C:\Users\user\Desktop\ie4uinit.exe Section loaded: srvcli.dll
Source: C:\Users\user\Desktop\ie4uinit.exe Section loaded: netutils.dll
Source: C:\Users\user\Desktop\ie4uinit.exe Section loaded: netutils.dll
Source: C:\Users\user\Desktop\ie4uinit.exe Section loaded: sppc.dll
Source: C:\Users\user\Desktop\ie4uinit.exe Section loaded: wkscli.dll
Source: C:\Users\user\Desktop\ie4uinit.exe Section loaded: mlang.dll
Source: classification engineClassification label: mal48.bank.evad.winEXE@1/0@0/0
Source: C:\Users\user\Desktop\ie4uinit.exeCode function: 0_2_00007FF674B23AC0 #654,FindResourceW,LoadResource,LockResource,wcsrchr,SHCreateDirectory,CreateFileW,SizeofResource,WriteFile,CloseHandle,0_2_00007FF674B23AC0
Source: ie4uinit.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\ie4uinit.exe Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: ie4uinit.exeString found in binary or memory: -hide-show-reinstall-apply-UserConfig-IECleanup-UserIconConfig-BaseSettings-ClearIconCache-UpgradeOldHistoryEntries-InitHistoryRoaming-CleanupEmeDataStoresIn HandleDeferredCommand
Source: ie4uinit.exeString found in binary or memory: 1.3.6.1.4.1.311.13.1IE-AddressMIE-AddressIE-SearchBoxMIE-SearchBoxIE-ContextMenuMIE-ContextMenu{searchTerms{count10{startIndex1{startPage{language*{outputEncodingUTF-8{inputEncoding{referrer:source{ie:maxwidth{ie:sectionheight{ie:rowheightMissingtruefalse%luhttp://go.microsoft.com/fwlink/?LinkId=392206FORM=IESR4AFORM=IESR4NFORM=IESR3AFORM=IESR3NFORM=IENAE1FORM=IENAD1FORM=IENAE2FORM=IENAD2FORM=IEMAE2FORM=IEMAD2FORM=IEMAE1FORM=IEMAD1FORM=IESR02FORM=IESS4AFORM=IESS4NFORM=IESS3AFORM=IESS3NFORM=IENSE1FORM=IENSD1FORM=IENSE2FORM=IENSD2FORM=IEMSE2FORM=IEMSD2FORM=IEMSE1FORM=IEMSD1FORM=IESS02FORM=IESR4SFORM=IESR3SFORM=IENDS1FORM=IENDS2FORM=IEMDS2FORM=IEMDS1FORM=IESS4SFORM=IESS3SFORM=IENSS1FORM=IENSS2FORM=IEMSS2FORM=IEMSS1bing.com&pc=%s
Source: ie4uinit.exeStatic PE information: Image base 0x140000000 > 0x60000000
Source: ie4uinit.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: ie4uinit.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: ie4uinit.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: ie4uinit.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: ie4uinit.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: ie4uinit.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
Source: ie4uinit.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: ie4uinit.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: ie4uinit.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: ie4uinit.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: ie4uinit.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
Source: ie4uinit.exeStatic PE information: 0xCBD62B02 [Sun May 15 03:22:42 2078 UTC]
Source: C:\Users\user\Desktop\ie4uinit.exeCode function: 0_2_00007FF674B2CBE8 LoadLibraryW,GetProcAddress,LocalFree,FreeLibrary,0_2_00007FF674B2CBE8
Source: ie4uinit.exeStatic PE information: section name: .didat

Malware Analysis System Evasion

Source: C:\Users\user\Desktop\ie4uinit.exeCode function: GetModuleFileNameW,_wcsicmp,_wcsicmp,_wcsicmp,_wcsicmp,_wcsicmp,_wcsicmp,_wcsicmp,_wcsicmp,_wcsicmp,_wcsicmp,_wcsicmp,_wcsicmp,_wcsicmp,_wcsicmp,_wcsicmp,_wcsicmp,StrStrIW,_wcsicmp,_wcsicmp,_wcsicmp,_wcsicmp,StrCmpICW,_wcsicmp,_wcsicmp,_wcsicmp,_wcsicmp,0_2_00007FF674B49078
Source: C:\Users\user\Desktop\ie4uinit.exeEvasive API call chain: GetLocalTime,DecisionNodesgraph_0-12148
Source: C:\Users\user\Desktop\ie4uinit.exeAPI coverage: 0.5 %
Source: all processesThread injection, dropped files, key value created, disk infection and DNS query: no activity detected
Source: C:\Users\user\Desktop\ie4uinit.exeCode function: 0_2_00007FF674B40A14 GetSystemTimeAsFileTime followed by cmp: cmp ebx, 01h and CTI: je 00007FF674B40A89h0_2_00007FF674B40A14
Source: C:\Users\user\Desktop\ie4uinit.exeCode function: 0_2_00007FF674B40A14 GetSystemTimeAsFileTime followed by cmp: cmp ebx, 02h and CTI: je 00007FF674B40A82h0_2_00007FF674B40A14
Source: C:\Users\user\Desktop\ie4uinit.exeCode function: 0_2_00007FF674B40A14 GetSystemTimeAsFileTime followed by cmp: cmp eax, 01h and CTI: jnbe 00007FF674B40A92h0_2_00007FF674B40A14
Source: C:\Users\user\Desktop\ie4uinit.exeCode function: 0_2_00007FF674B2C9CC GetSystemInfo,#701,IsJITInProgress,GetSystemInfo,IsJITInProgress,#701,IsJITInProgress,IsJITInProgress,IsJITInProgress,EnterCriticalSection,LeaveCriticalSection,0_2_00007FF674B2C9CC
Source: C:\Users\user\Desktop\ie4uinit.exeCode function: 0_2_00007FF674B28A24 GetCurrentThreadId,IsDebuggerPresent,OutputDebugStringW,0_2_00007FF674B28A24
Source: C:\Users\user\Desktop\ie4uinit.exeCode function: 0_2_00007FF674B499FC GetProcessHeap,GetTokenInformation,ConvertSidToStringSidW,GetLastError,GetProcessHeap,HeapFree,CloseHandle,0_2_00007FF674B499FC
Source: C:\Users\user\Desktop\ie4uinit.exeCode function: 0_2_00007FF674B275FC SetUnhandledExceptionFilter,RaiseException,0_2_00007FF674B275FC
Source: C:\Users\user\Desktop\ie4uinit.exeCode function: 0_2_00007FF674B4C2A4 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_00007FF674B4C2A4
Source: C:\Users\user\Desktop\ie4uinit.exeCode function: 0_2_00007FF674B4C780 SetUnhandledExceptionFilter,0_2_00007FF674B4C780
Source: C:\Users\user\Desktop\ie4uinit.exeCode function: 0_2_00007FF674B40A14 GetSystemTimeAsFileTime,0_2_00007FF674B40A14
Source: C:\Users\user\Desktop\ie4uinit.exeCode function: 0_2_00007FF674B23988 memset,GetVersionExA,0_2_00007FF674B23988
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 2 Command and Scripting Interpreter | 1 DLL Side-Loading | 1 Process Injection | 1 Process Injection | OS Credential Dumping | 11 System Time Discovery | Remote Services | 1 Archive Collected Data | 2 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
Credentials | Domains | Default Accounts | 2 Native API | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 1 Deobfuscate/Decode Files or Information | LSASS Memory | 12 Security Software Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 Obfuscated Files or Information | Security Account Manager | 1 Process Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | Steganography | Automated Exfiltration | Data Encrypted for Impact
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Timestomp | NTDS | 1 File and Directory Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 DLL Side-Loading | LSA Secrets | 4 System Information Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
[Behavior graph. ID: 1395538, Sample: ie4uinit.exe, Startdate: 20/02/2024, Architecture: WINDOWS, Score: 48. Process: ie4uinit.exe (started). Signatures: Checks if browser processes are running; Contains functionality to compare user and computer (likely to detect sandboxes)]

Source | Detection | Scanner | Label | Link
ie4uinit.exe | 0% | ReversingLabs | |
No Antivirus matches
Source | Detection | Scanner | Label | Link
https://suggest.yandex.com.tr/suggest-ff.cgi?srv=ie11&uil=tr&part= | 0% | Avira URL Cloud | safe |
No contacted domains info
Name | Source | Malicious | Antivirus Detection | Reputation
https://suggest.yandex.by/suggest-ff.cgi?srv=ie11&part= | ie4uinit.exe | false | | high
https://suggest.yandex.com.tr/suggest-ff.cgi?srv=ie11&uil=tr&part= | ie4uinit.exe | false | Avira URL Cloud: safe | unknown
https://suggest.yandex.kz/suggest-ff.cgi?srv=ie11&part= | ie4uinit.exe | false | | high
https://suggest.yandex.ua/suggest-ff.cgi?srv=ie11&part= | ie4uinit.exe | false | | high
http://www.yandex.com/favicon.ico | ie4uinit.exe | false | | high
https://www.haosou.com/s?src=win10&ie=utf-8&q= | ie4uinit.exe | false | | high
https://www.sogou.com/tx?hdq=sogou-wsse-6abba5d8ab1f4f32&query= | ie4uinit.exe | false | | high
No contacted IP infos
              Joe Sandbox version:40.0.0 Tourmaline
              Analysis ID:1395538
              Start date and time:2024-02-20 19:15:04 +01:00
              Joe Sandbox product:CloudBasic
              Overall analysis duration:0h 2m 11s
              Hypervisor based Inspection enabled:false
              Report type:full
              Cookbook file name:default.jbs
              Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
              Number of analysed new started processes analysed:2
              Number of new started drivers analysed:0
              Number of existing processes analysed:0
              Number of existing drivers analysed:0
              Number of injected processes analysed:0
              Technologies:
              • HCA enabled
              • EGA enabled
              • AMSI enabled
              Analysis Mode:default
              Analysis stop reason:Timeout
              Sample name:ie4uinit.exe
              Detection:MAL
              Classification:mal48.bank.evad.winEXE@1/0@0/0
              EGA Information:
              • Successful, ratio: 100%
              HCA Information:
              • Successful, ratio: 100%
              • Number of executed functions: 3
              • Number of non-executed functions: 232
              Cookbook Comments:
              • Found application associated with file extension: .exe
              • Stop behavior analysis, all processes terminated
              • Exclude process from analysis (whitelisted): dllhost.exe
              • VT rate limit hit for: ie4uinit.exe
              No simulations
              No context
              No created / dropped files found
              File type:PE32+ executable (GUI) x86-64, for MS Windows
              Entropy (8bit):6.138880353693972
              TrID:
              • Win64 Executable GUI (202006/5) 92.65%
              • Win64 Executable (generic) (12005/4) 5.51%
              • Generic Win/DOS Executable (2004/3) 0.92%
              • DOS Executable Generic (2002/1) 0.92%
              • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
              File name:ie4uinit.exe
              File size:263'168 bytes
              MD5:054f65e18ad84a4f2d51cfe7931664d2
              SHA1:f5cf003d3aa482f687a855ee0f0d65b3773d38e5
              SHA256:60271fc88e8a6af9d96127b57c4f1a8e477c3c0fe580e29ff6b233e9a4ab3adc
              SHA512:b7554657720c70cac1e9db08ef4b60e009f0e5af1179cdaca435e67792a31e4307ef889e552a57aa3edb1a5d0507c678fa13a3f182f966cd8f9d97e9e69d6d33
              SSDEEP:6144:WsCDhVaxhsycCfF1kf2QM88sb+Jmvaj0/W6gEAZAW2a:WsCFVaxFclso+JmX/Pg3
              TLSH:4544091D22F918E8ED76963DC5678215E6B278312711D6DF02A0C27D0F23AE5BE39F12
              File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......i..t-..'-..'-..'9..&...'9..&0..'9..&(..'9..&...'-..'k..'9..&[..'9.!',..'9..&,..'Rich-..'........PE..d....+............"........
              Icon Hash:00928e8e8686b000
              Entrypoint:0x14002c250
              Entrypoint Section:.text
              Digitally signed:false
              Imagebase:0x140000000
              Subsystem:windows gui
              Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
              DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
              Time Stamp:0xCBD62B02 [Sun May 15 03:22:42 2078 UTC]
              TLS Callbacks:
              CLR (.Net) Version:
              OS Version Major:10
              OS Version Minor:0
              File Version Major:10
              File Version Minor:0
              Subsystem Version Major:10
              Subsystem Version Minor:0
              Import Hash:69bf75b22c2d05c4dec7cf56001d46f3
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x3b018 | 0x1a4 | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x43000 | 0x1570 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x40000 | 0x1df4 | .pdata
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x45000 | 0x50c | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x38b20 | 0x54 | .rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x2f568 | 0x28 | .rdata
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x2f450 | 0x118 | .rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x2f590 | 0xce8 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x3af88 | 0x40 | .rdata
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
              Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
              .text | 0x1000 | 0x2c1bd | 0x2c200 | 609f1e28e2bda96962020709930650b8 | False | 0.5256562057365439 | data | 6.2527805838416555 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
              .rdata | 0x2e000 | 0xf7be | 0xf800 | 4bfa7cddf1e104ef8d0765389e6b5fe1 | False | 0.35798891129032256 | data | 4.71742574509677 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
              .data | 0x3e000 | 0x1550 | 0xa00 | 966f1be6bdd4bdd947ddb063a3163934 | False | 0.19140625 | COM executable for DOS | 1.815225242572725 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
              .pdata | 0x40000 | 0x1df4 | 0x1e00 | 2362210a782a99ce533b77636efec683 | False | 0.5287760416666667 | PEX Binary Archive | 5.466965215054765 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
              .didat | 0x42000 | 0x28 | 0x200 | 0ed9f6fcd22b50b4b597ddb4fff4e126 | False | 0.056640625 | data | 0.35064057787291114 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
              .rsrc | 0x43000 | 0x1570 | 0x1600 | ad655a376d059ee693a6b5524c376f9a | False | 0.3380681818181818 | data | 5.262932416621954 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
              .reloc | 0x45000 | 0x50c | 0x600 | 7f10fd6eb63d90a9f87ac268a803405b | False | 0.5638020833333334 | data | 4.987792960988635 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
              Name | RVA | Size | Type | Language | Country | ZLIB Complexity
              MUI | 0x444a0 | 0xd0 | data | English | United States | 0.5384615384615384
              RT_RCDATA | 0x438b0 | 0xbea | XML 1.0 document, ASCII text, with CRLF line terminators | English | United States | 0.27311475409836067
              RT_VERSION | 0x43520 | 0x38c | PGP symmetric key encrypted data - Plaintext or unencrypted data | English | United States | 0.46916299559471364
              RT_MANIFEST | 0x43140 | 0x3db | XML 1.0 document, ASCII text, with CRLF line terminators | English | United States | 0.48226950354609927
              DLL | Import
              ADVAPI32.dll | RegQueryValueExW, RegEnumValueW, ConvertSidToStringSidW, EventUnregister, RegOpenKeyExW, FreeSid, RegSetValueExW, EventSetInformation, RegCreateKeyExW, EventRegister, RegCloseKey, RegSetValueW, RegOpenKeyW, RegDeleteValueW, RegCreateKeyW, RegEnumKeyExW, RegDeleteKeyW, RegQueryInfoKeyW, ConvertStringSecurityDescriptorToSecurityDescriptorW, CheckTokenMembership, GetTokenInformation, OpenThreadToken, RegSetKeyValueW, CryptSetKeyParam, CryptDeriveKey, CryptGetKeyParam, CryptEncrypt, CryptDestroyKey, CryptVerifySignatureW, CryptSetHashParam, CryptGenRandom, CryptDestroyHash, CryptGetHashParam, CryptHashData, CryptCreateHash, CryptReleaseContext, CryptAcquireContextW, EventWriteEx, RegGetValueW, EventWriteTransfer, GetSecurityDescriptorSacl, GetAce, SetNamedSecurityInfoW, CopySid, GetNamedSecurityInfoW, ConvertStringSidToSidW, IsValidSid, OpenProcessToken, GetKernelObjectSecurity, AddAccessAllowedAceEx, GetLengthSid
              KERNEL32.dll | GetCurrentThread, OpenFileMappingW, GetSystemDirectoryW, GetEnvironmentVariableW, SetErrorMode, GetModuleFileNameW, HeapFree, GetExitCodeProcess, GetTempFileNameW, DuplicateHandle, GetTempPathW, CompareStringOrdinal, ExpandEnvironmentStringsW, GetStdHandle, GetLocalTime, CreateThread, SetEvent, FormatMessageW, CreateEventW, WaitForSingleObject, SetFilePointer, DelayLoadFailureHook, ResolveDelayLoadedAPI, CreateFile2, RemoveDirectoryW, AcquireSRWLockShared, CreateThreadpoolTimer, ReleaseSRWLockShared, SetThreadpoolTimer, CloseThreadpoolTimer, WaitForThreadpoolTimerCallbacks, lstrcmpW, GetTickCount, CreateProcessW, SetCurrentDirectoryW, InitializeCriticalSectionEx, QueueUserWorkItem, QueryPerformanceFrequency, FlushViewOfFile, SystemTimeToFileTime, GetSystemTime, MapViewOfFile, CreateFileMappingW, FlushFileBuffers, SetEndOfFile, LCMapStringW, GetFullPathNameW, OpenMutexW, GetFileSizeEx, SetFileTime, UnmapViewOfFile, MultiByteToWideChar, CreateMutexW, LocaleNameToLCID, DeleteCriticalSection, LoadLibraryW, GetSystemInfo, GetUserPreferredUILanguages, InitializeCriticalSection, LeaveCriticalSection, GetProductInfo, EnterCriticalSection, GetFileAttributesW, IsDebuggerPresent, DebugBreak, CreateMutexExW, OpenSemaphoreW, WaitForSingleObjectEx, OutputDebugStringW, ReleaseMutex, GetModuleHandleExW, ReleaseSemaphore, SetLastError, CreateSemaphoreExW, GetModuleFileNameA, WideCharToMultiByte, GetNativeSystemInfo, IsWow64Process, InitOnceExecuteOnce, GetCurrentDirectoryW, FindResourceW, LoadResource, CloseHandle, DeleteFileW, LockResource, GetVersionExA, SetFileAttributesW, GetVersionExW, CreateFileW, FindClose, GetShortPathNameW, WriteFile, GetCurrentProcess, FindNextFileW, SetPriorityClass, FindFirstFileExW, FindFirstFileW, SizeofResource, ReadFile, LoadLibraryExW, VerifyVersionInfoW, FreeLibrary, GetModuleHandleW, GetProcessHeap, VerSetConditionMask, LocalFree, GetProcAddress, HeapAlloc, HeapSetInformation, RaiseException, GetLastError, Sleep, GetStartupInfoW, UnhandledExceptionFilter, SetUnhandledExceptionFilter, TerminateProcess, ReleaseSRWLockExclusive, AcquireSRWLockExclusive, WakeAllConditionVariable, SleepConditionVariableSRW, QueryPerformanceCounter, GetCurrentProcessId, GetCurrentThreadId, GetSystemTimeAsFileTime, RaiseFailFastException
              USER32.dll | CharNextW, GetMessageW, PostThreadMessageW, PostMessageW, LoadStringW, GetShellWindow, SendMessageTimeoutW
              msvcrt.dll | _wtoi, rand_s, isalnum, strnlen, wcsnlen, wcsncpy_s, _vsnwprintf_s, wcscat_s, wcscpy_s, wcsncmp, wcschr, _ultow_s, _wcsicmp, _wcsnicmp, wcsrchr, swscanf_s, sprintf_s, _wfopen_s, fclose, fgetws, _XcptFilter, _amsg_exit, __wgetmainargs, __set_app_type, iswalpha, _time64, memcpy_s, _vsnwprintf, _CxxThrowException, exit, _exit, _cexit, __setusermatherr, _initterm, __C_specific_handler, memcmp, memmove_s, ?terminate@@YAXXZ, ??1type_info@@UEAA@XZ, _onexit, __dllonexit, _unlock, _lock, _commode, _fmode, _wcmdln, memset
              SHELL32.dll | CommandLineToArgvW, SHGetKnownFolderPath, SHChangeNotify, SHCreateItemFromParsingName, SHGetSpecialFolderLocation, SHGetFolderPathW, SHCreateDirectoryExW, SHGetSpecialFolderPathW, SHGetDesktopFolder, SHSetLocalizedName
              ntdll.dll | RtlCaptureContext, RtlLookupFunctionEntry, RtlVirtualUnwind, NtClose, NtQueryLicenseValue
              IEADVPACK.dll | ExecuteCabW
              SHLWAPI.dll | SHDeleteValueW, StrCmpIW, SHRegSetUSValueW, StrCmpNIW, SHCopyKeyW, SHRegGetUSValueW, UrlCreateFromPathW, UrlCanonicalizeW, PathIsURLW, PathFileExistsW, SHDeleteKeyW, PathRemoveBlanksW, PathFindFileNameW, PathRemoveExtensionW, SHGetValueW, SHSetValueW, StrTrimW, StrStrW, StrCmpNIA, StrCmpNA, StrCmpNW, UrlEscapeW, UrlUnescapeW, StrCmpW, UrlApplySchemeW, SHRegDeleteUSValueW, PathIsNetworkPathW, SHStrDupW, StrStrIW
              iertutil.dll |
              OLEAUT32.dll | VariantInit, VariantClear, VarBstrCat, SysAllocString, SysStringLen, SysAllocStringLen, VariantCopy, SysAllocStringByteLen, SysStringByteLen, SysFreeString, VarBstrCmp
              ole32.dll | CoTaskMemFree, OleInitialize, CoInitializeEx, PropVariantClear, CoTaskMemAlloc, CoCreateInstance, OleUninitialize, CoUninitialize, CoCreateGuid, StringFromGUID2
              iedkcs32.dll | BrandIEActiveSetup
              KERNELBASE.dll | GetSystemDefaultLocaleName, GetUserDefaultLocaleName, LocalAlloc, OpenGlobalizationUserSettingsKey
              CRYPT32.dll | CertGetCertificateContextProperty, CertEnumCertificatesInStore, CryptStringToBinaryA, CryptBinaryToStringA, CertGetIntendedKeyUsage, CertGetEnhancedKeyUsage, CryptStringToBinaryW, CertGetNameStringW, CertOpenStore, CertCreateCertificateContext, CertAddCertificateContextToStore, CertFreeCertificateContext, CertCloseStore, CryptImportPublicKeyInfo, CertGetCertificateChain, CertFindCertificateInStore, CertVerifyCertificateChainPolicy, CertFreeCertificateChain, CryptHashCertificate
              urlmon.dll | CreateUri, CreateIUriBuilder
              WININET.dll | InternetConnectW, InternetCrackUrlW, InternetCanonicalizeUrlW, InternetReadFile, HttpOpenRequestW, InternetCloseHandle, HttpSendRequestW, HttpQueryInfoW, InternetOpenW
              SLC.dll | SLGetWindowsInformationDWORD
              NETAPI32.dll | NetApiBufferFree, NetGetJoinInformation
              VERSION.dll | GetFileVersionInfoSizeExW, GetFileVersionInfoExW, VerQueryValueW
              MLANG.dll |
              Language of compilation system | Country where language is spoken
              English | United States
              No network behavior found

              Target ID:0
              Start time:19:16:03
              Start date:20/02/2024
              Path:C:\Users\user\Desktop\ie4uinit.exe
              Wow64 process (32bit):false
              Commandline:C:\Users\user\Desktop\ie4uinit.exe
              Imagebase:0x7ff674b20000
              File size:263'168 bytes
              MD5 hash:054F65E18AD84A4F2D51CFE7931664D2
              Has elevated privileges:true
              Has administrator privileges:true
              Programmed in:C, C++ or other language
              Reputation:low
              Has exited:true

              Execution Graph

              Execution Coverage:0.4%
              Dynamic/Decrypted Code Coverage:0%
              Signature Coverage:37.3%
              Total number of Nodes:67
              Total number of Limit Nodes:3
              execution_graph 12087 7ff674b21310 12090 7ff674b27ba4 #650 12087->12090 12091 7ff674b2132d 12090->12091 12092 7ff674b4bfe0 GetStartupInfoW 12093 7ff674b4c01f 12092->12093 12094 7ff674b4c031 12093->12094 12095 7ff674b4c03a Sleep 12093->12095 12096 7ff674b4c056 _amsg_exit 12094->12096 12099 7ff674b4c064 12094->12099 12095->12093 12096->12099 12097 7ff674b4c0da _initterm 12100 7ff674b4c0f7 _IsNonwritableInCurrentImage 12097->12100 12098 7ff674b4c0bb 12099->12097 12099->12098 12099->12100 12100->12098 12106 7ff674b234f8 EventRegister 12100->12106 12103 7ff674b4c1b8 exit 12104 7ff674b4c1c0 12103->12104 12104->12098 12105 7ff674b4c1c9 _cexit 12104->12105 12105->12098 12107 7ff674b235a1 12106->12107 12108 7ff674b23580 EventSetInformation 12106->12108 12109 7ff674b235ab HeapSetInformation OleInitialize 12107->12109 12110 7ff674b23875 12107->12110 12108->12107 12111 7ff674b235d9 SetErrorMode CommandLineToArgvW 12109->12111 12112 7ff674b2382d 12109->12112 12135 7ff674b4c280 12110->12135 12114 7ff674b23805 GetLastError 12111->12114 12115 7ff674b23614 memset 12111->12115 12120 7ff674b266e8 12 API calls 12112->12120 12117 7ff674b2381f OleUninitialize 12114->12117 12118 7ff674b2366c CreateEventW 12115->12118 12119 7ff674b23653 12115->12119 12117->12112 12123 7ff674b236f6 12118->12123 12124 7ff674b23696 CreateThread 12118->12124 12143 7ff674b21574 12119->12143 12122 7ff674b23848 12120->12122 12158 7ff674b26874 12122->12158 12146 7ff674b266e8 12123->12146 12124->12123 12126 7ff674b236cf WaitForSingleObject CloseHandle 12124->12126 12126->12123 12129 7ff674b237f4 LocalFree 12129->12117 12130 7ff674b237ec 12130->12129 12131 7ff674b23736 StrCmpNIW 12132 7ff674b2370c 12131->12132 12132->12129 12132->12130 12132->12131 12134 7ff674b266e8 12 API calls 12132->12134 12154 7ff674b22900 12132->12154 12134->12132 12136 7ff674b4c289 12135->12136 12137 7ff674b23886 12136->12137 12138 7ff674b4c2e0 RtlCaptureContext RtlLookupFunctionEntry 12136->12138 12137->12103 12137->12104 
12139 7ff674b4c367 12138->12139 12140 7ff674b4c325 RtlVirtualUnwind 12138->12140 12163 7ff674b4c2a4 SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 12139->12163 12140->12139 12144 7ff674b215a3 _vsnwprintf 12143->12144 12145 7ff674b215c4 12143->12145 12144->12145 12145->12118 12147 7ff674b267ca 12146->12147 12148 7ff674b2671d GetLocalTime 12146->12148 12150 7ff674b4c280 7 API calls 12147->12150 12164 7ff674b267e8 12148->12164 12152 7ff674b267d8 12150->12152 12152->12132 12153 7ff674b267ae PostThreadMessageW 12153->12147 12155 7ff674b22933 12154->12155 12156 7ff674b4c280 7 API calls 12155->12156 12157 7ff674b22954 12156->12157 12157->12132 12159 7ff674b26887 12158->12159 12160 7ff674b23854 EventUnregister 12158->12160 12161 7ff674b268bd CloseHandle 12159->12161 12162 7ff674b26890 PostThreadMessageW WaitForSingleObject 12159->12162 12160->12110 12161->12160 12162->12161 12165 7ff674b26807 FormatMessageW 12164->12165 12166 7ff674b26768 FormatMessageW 12164->12166 12165->12166 12167 7ff674b26848 PostThreadMessageW 12165->12167 12166->12147 12166->12153 12167->12166 12168 7ff674b4bf90 __wgetmainargs

              Executed Functions

              Control-flow Graph

              control_flow_graph 0 7ff674b4bfe0-7ff674b4c01c GetStartupInfoW 1 7ff674b4c01f-7ff674b4c02a 0->1 2 7ff674b4c02c-7ff674b4c02f 1->2 3 7ff674b4c047 1->3 4 7ff674b4c03a-7ff674b4c045 Sleep 2->4 5 7ff674b4c031-7ff674b4c038 2->5 6 7ff674b4c04c-7ff674b4c054 3->6 4->1 5->6 7 7ff674b4c056-7ff674b4c062 _amsg_exit 6->7 8 7ff674b4c064-7ff674b4c06c 6->8 9 7ff674b4c0d0-7ff674b4c0d8 7->9 10 7ff674b4c0c5 8->10 11 7ff674b4c06e-7ff674b4c08a 8->11 14 7ff674b4c0da-7ff674b4c0ed _initterm 9->14 15 7ff674b4c0f7-7ff674b4c0f9 9->15 13 7ff674b4c0cb 10->13 12 7ff674b4c08e-7ff674b4c091 11->12 18 7ff674b4c0b7-7ff674b4c0b9 12->18 19 7ff674b4c093-7ff674b4c095 12->19 13->9 14->15 16 7ff674b4c0fb-7ff674b4c0fe 15->16 17 7ff674b4c105-7ff674b4c10c 15->17 16->17 20 7ff674b4c138-7ff674b4c145 17->20 21 7ff674b4c10e-7ff674b4c11c call 7ff674b4c8c0 17->21 18->13 22 7ff674b4c0bb-7ff674b4c0c0 18->22 19->22 23 7ff674b4c097-7ff674b4c09a 19->23 27 7ff674b4c147-7ff674b4c14c 20->27 28 7ff674b4c151-7ff674b4c156 20->28 21->20 32 7ff674b4c11e-7ff674b4c12e 21->32 29 7ff674b4c226-7ff674b4c243 22->29 25 7ff674b4c0ac-7ff674b4c0b5 23->25 26 7ff674b4c09c-7ff674b4c0a8 23->26 25->12 26->25 27->29 31 7ff674b4c15a-7ff674b4c161 28->31 34 7ff674b4c1d7-7ff674b4c1db 31->34 35 7ff674b4c163-7ff674b4c166 31->35 32->20 36 7ff674b4c1eb-7ff674b4c1f4 34->36 37 7ff674b4c1dd-7ff674b4c1e7 34->37 38 7ff674b4c16c-7ff674b4c172 35->38 39 7ff674b4c168-7ff674b4c16a 35->39 36->29 36->31 37->36 40 7ff674b4c182-7ff674b4c1b6 call 7ff674b234f8 38->40 41 7ff674b4c174-7ff674b4c180 38->41 39->34 39->38 44 7ff674b4c1b8-7ff674b4c1ba exit 40->44 45 7ff674b4c1c0-7ff674b4c1c7 40->45 41->38 44->45 46 7ff674b4c1c9-7ff674b4c1cf _cexit 45->46 47 7ff674b4c1d5 45->47 46->47 47->29
              APIs
              Memory Dump Source
              • Source File: 00000000.00000002.2099260182.00007FF674B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF674B20000, based on PE: true
              • Associated: 00000000.00000002.2099242774.00007FF674B20000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099286845.00007FF674B4E000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099313401.00007FF674B5E000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099334936.00007FF674B60000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099334936.00007FF674B63000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ff674b20000_ie4uinit.jbxd
              Similarity
              • API ID: CurrentImageInfoNonwritableSleepStartup_amsg_exit_cexit_inittermexit
              • String ID:
              • API String ID: 642454821-0
              • Opcode ID: 9da82ac5b85e3a381c90719c6fec9ba80c5a90861ad1e3cd64d1f3421668b425
              • Instruction ID: e853d827866042293c3a8d6af74cd726e980f7f07512690faea3144738fea3ff
              • Opcode Fuzzy Hash: 9da82ac5b85e3a381c90719c6fec9ba80c5a90861ad1e3cd64d1f3421668b425
              • Instruction Fuzzy Hash: 24612827A28642C2FB609F29E4C8279A2A1FB46F84F554036DA4DD3795DF3CED91C701
              Uniqueness

              Uniqueness Score: -1.00%

              Control-flow Graph

              control_flow_graph 48 7ff674b27ba4-7ff674b27bdc #650 49 7ff674b27be7-7ff674b27bf1 48->49 50 7ff674b27bde-7ff674b27be5 48->50 50->49
              APIs
              Similarity
              • API ID: #650
              • String ID:
              • API String ID: 936228084-0
              • Opcode ID: 7d5f5a053196136d3436f291fa603ed3c42ffaa005fb086b4074728cf57a5870
              • Instruction ID: d826eb8d6cb1727a6dffb6c15502ea980079beff6e775d0d604f1612f503ac37
              • Opcode Fuzzy Hash: 7d5f5a053196136d3436f291fa603ed3c42ffaa005fb086b4074728cf57a5870
              • Instruction Fuzzy Hash: CBF01573614B41C7D7008F56E58815CBAA1F788F94B98C03AC74883724DF34E8A5CA14
              Uniqueness

              Uniqueness Score: -1.00%

              Control-flow Graph

              control_flow_graph 51 7ff674b4bf90-7ff674b4bfd8 __wgetmainargs
              APIs
              Similarity
              • API ID: __wgetmainargs
              • String ID:
              • API String ID: 1709950718-0
              • Opcode ID: 322e22120a4074f5f4e04645174972c6a5e73387fd47f3108d6b69dacbb940b0
              • Instruction ID: 266904403670cc442a4985347c44d572c238576859c257620e762f64d77fda28
              • Opcode Fuzzy Hash: 322e22120a4074f5f4e04645174972c6a5e73387fd47f3108d6b69dacbb940b0
              • Instruction Fuzzy Hash: 35E07576E28787D6EA10DF91E8984A4F7A0FB56B04F840176D44D96330EF3CA9DACB01
              Uniqueness

              Uniqueness Score: -1.00%

              Non-executed Functions

              Control-flow Graph

              control_flow_graph 55 7ff674b49078-7ff674b4909b 56 7ff674b49432-7ff674b4944c call 7ff674b4c280 55->56 57 7ff674b490a1-7ff674b490bc GetModuleFileNameW 55->57 58 7ff674b49429 57->58 59 7ff674b490c2-7ff674b490e7 call 7ff674b4cace _wcsicmp 57->59 61 7ff674b4942c 58->61 65 7ff674b490e9-7ff674b490ec 59->65 66 7ff674b490f1-7ff674b49109 _wcsicmp 59->66 61->56 65->61 67 7ff674b4910b-7ff674b4910e 66->67 68 7ff674b49113-7ff674b4912b _wcsicmp 66->68 67->61 69 7ff674b4912d-7ff674b49130 68->69 70 7ff674b49135-7ff674b4914d _wcsicmp 68->70 69->61 71 7ff674b49157-7ff674b4916f _wcsicmp 70->71 72 7ff674b4914f-7ff674b49152 70->72 73 7ff674b49179-7ff674b49191 _wcsicmp 71->73 74 7ff674b49171-7ff674b49174 71->74 72->61 75 7ff674b4919b-7ff674b491b3 _wcsicmp 73->75 76 7ff674b49193-7ff674b49196 73->76 74->61 77 7ff674b491b9-7ff674b491d1 _wcsicmp 75->77 78 7ff674b49422-7ff674b49427 75->78 76->61 77->78 79 7ff674b491d7-7ff674b491ef _wcsicmp 77->79 78->61 79->78 80 7ff674b491f5-7ff674b4920d _wcsicmp 79->80 80->78 81 7ff674b49213-7ff674b4922b _wcsicmp 80->81 82 7ff674b4922d-7ff674b49230 81->82 83 7ff674b49235-7ff674b4924d _wcsicmp 81->83 82->61 84 7ff674b49257-7ff674b4926f _wcsicmp 83->84 85 7ff674b4924f-7ff674b49252 83->85 86 7ff674b49279-7ff674b49291 _wcsicmp 84->86 87 7ff674b49271-7ff674b49274 84->87 85->61 88 7ff674b4929b-7ff674b492b3 _wcsicmp 86->88 89 7ff674b49293-7ff674b49296 86->89 87->61 90 7ff674b492bd-7ff674b492d5 _wcsicmp 88->90 91 7ff674b492b5-7ff674b492b8 88->91 89->61 92 7ff674b492d7-7ff674b492da 90->92 93 7ff674b492df-7ff674b492f8 StrStrIW 90->93 91->61 92->61 94 7ff674b492fa-7ff674b492ff 93->94 95 7ff674b49304-7ff674b4931c _wcsicmp 93->95 94->61 96 7ff674b49326-7ff674b4933e _wcsicmp 95->96 97 7ff674b4931e-7ff674b49321 95->97 98 7ff674b4941b-7ff674b49420 96->98 99 7ff674b49344-7ff674b4935c _wcsicmp 96->99 97->61 98->61 99->98 100 7ff674b49362-7ff674b4937a _wcsicmp 99->100 100->98 101 7ff674b49380-7ff674b49391 StrCmpICW 100->101 102 7ff674b4939b-7ff674b493b3 
_wcsicmp 101->102 103 7ff674b49393-7ff674b49396 101->103 104 7ff674b493ba-7ff674b493d2 _wcsicmp 102->104 105 7ff674b493b5-7ff674b493b8 102->105 103->61 106 7ff674b493d9-7ff674b493f1 _wcsicmp 104->106 107 7ff674b493d4-7ff674b493d7 104->107 105->61 108 7ff674b493f8-7ff674b49419 _wcsicmp 106->108 109 7ff674b493f3-7ff674b493f6 106->109 107->61 108->61 109->61
              APIs
              Strings
              Similarity
              • API ID: _wcsicmp$FileModuleName
              • String ID: DCIScanner$EXPLORER.EXE$FAKEVIRTUALSURFACETESTAPP.EXE$FirstLogonAnim.exe$IEUTLAUNCH.EXE$IEXPLORE.EXE$LOADER42.EXE$MSFEEDSSYNC.EXE$MSHTMPAD.EXE$MSOOBE.EXE$NETPLWIZ.EXE$RESTOREOPTIN.EXE$SYSPREP.EXE$TE.EXE$Te.ProcessHost.exe$USERACCOUNTBROKER.EXE$WWAHOST.EXE$authhost.exe$browser_broker.exe$jshost.exe$microsoftedge.exe$microsoftedgebchost.exe$microsoftedgecp.exe$microsoftedgedevtools.exe$microsoftedgesh.exe$pickerhost.exe
              • API String ID: 1034258996-1180723254
              • Opcode ID: e5e6a1bc840d25c17b83aa237c5cd1d854911dd46cdf97a3bb4bf43cf9c52e73
              • Instruction ID: 4cd2501f3ea914d55bc4ba6c387009ad84576a3ff49cbc2b0f2d64aef917fc09
              • Opcode Fuzzy Hash: e5e6a1bc840d25c17b83aa237c5cd1d854911dd46cdf97a3bb4bf43cf9c52e73
              • Instruction Fuzzy Hash: DBB1B326628742C6EA148B39E8D8679E7A1FF47FC5F859174C90FC2294EF7CE948C601
              Uniqueness

              Uniqueness Score: -1.00%

              Control-flow Graph

              APIs
              Strings
              Similarity
              • API ID: QueryValuememset$CloseOpen_vsnwprintf
              • String ID: %s\%u$Arial$Courier New$DaunPenh$David$DokChampa$Estrangelo Edessa$Euphemia$Gautami$Gulim$GulimChe$IEFixedFontName$IEPropFontName$Iskoola Pota$Kalinga$Kartika$Latha$MS Gothic$MS PGothic$MV Boli$Mangal$Microsoft Himalaya$Microsoft Yi Baiti$MingLiu$Miriam Fixed$Mongolian Baiti$Myanmar Text$NSimsun$Nyala$PMingLiu$Plantagenet Cherokee$Raavi$Segoe UI Symbol$Shruti$Simplified Arabic$Simplified Arabic Fixed$Simsun$Sylfaen$Tahoma$Times New Roman$Tunga$Vrinda$software\microsoft\Internet Explorer\International\Scripts
              • API String ID: 3838326566-3455815564
              • Opcode ID: bb95d98c0b9ce52d2afee0030d27698f1cacf6dbb2a86d5c0c801d4b92472ba7
              • Instruction ID: 4bf46f346bb7fc7c1052422a7f218fe20fbd6b0a237bf1e9c693c9260725e779
              • Opcode Fuzzy Hash: bb95d98c0b9ce52d2afee0030d27698f1cacf6dbb2a86d5c0c801d4b92472ba7
              • Instruction Fuzzy Hash: 76F1DD37925F82D9E721CF20E8846E9B7A8FB49B48F504236DA4D87B24DF38D695C740
              Uniqueness

              Uniqueness Score: -1.00%

              Control-flow Graph

              control_flow_graph 142 7ff674b22438-7ff674b224a7 RegCreateKeyExW 143 7ff674b224a9-7ff674b224d7 SHCopyKeyW RegCloseKey 142->143 144 7ff674b224dc-7ff674b22502 GetSystemDirectoryW 142->144 143->144 145 7ff674b2256b-7ff674b22612 #33 call 7ff674b21e68 SHFlushSFCache _time64 SHRegSetUSValueW memset GetModuleHandleW GetModuleFileNameW 144->145 146 7ff674b22504-7ff674b22519 call 7ff674b2ad88 144->146 152 7ff674b22618-7ff674b2264e call 7ff674b2a334 call 7ff674b214e8 call 7ff674b2ad88 145->152 153 7ff674b226da-7ff674b226e7 call 7ff674b219bc call 7ff674b2c9cc 145->153 146->145 151 7ff674b2251b-7ff674b22539 LoadLibraryExW 146->151 151->145 154 7ff674b2253b-7ff674b22554 GetProcAddress 151->154 174 7ff674b2269e-7ff674b226d5 GetModuleHandleW ShellMessageBoxW 152->174 175 7ff674b22650-7ff674b22665 PathFileExistsW 152->175 165 7ff674b226e9-7ff674b226f0 153->165 166 7ff674b226f8-7ff674b226fb 153->166 157 7ff674b22556 154->157 158 7ff674b2255c-7ff674b22566 FreeLibrary 154->158 157->158 158->145 168 7ff674b226f6 165->168 169 7ff674b2279e-7ff674b227aa call 7ff674b21830 165->169 166->169 170 7ff674b22701-7ff674b22717 call 7ff674b2f104 166->170 168->166 179 7ff674b227ac call 7ff674b21d68 169->179 180 7ff674b227b1-7ff674b227f9 RegCreateKeyExW 169->180 181 7ff674b22789-7ff674b2278c 170->181 182 7ff674b22719-7ff674b2272e call 7ff674b33874 170->182 174->153 175->174 176 7ff674b22667-7ff674b2269c ExecuteCabW 175->176 176->153 179->180 185 7ff674b227ff-7ff674b22844 RegCreateKeyExW 180->185 186 7ff674b228d4-7ff674b228f7 call 7ff674b4c280 180->186 181->169 183 7ff674b2278e-7ff674b22794 181->183 192 7ff674b22730-7ff674b2276d call 7ff674b2d734 182->192 193 7ff674b22772-7ff674b2277a 182->193 183->169 189 7ff674b22846-7ff674b228be RegQueryValueExW RegSetValueExW RegCloseKey 185->189 190 7ff674b228c3-7ff674b228cf RegCloseKey 185->190 189->190 190->186 192->193 193->181 196 7ff674b2277c-7ff674b2277f 193->196 196->181
              APIs
              Strings
              Similarity
              • API ID: CloseCreateModuleValue$FileHandleLibrary$AddressCacheCopyDirectoryExecuteExistsFlushFreeLoadMessageNamePathProcQueryShellSystem_time64memset
              • String ID: @$Attributes$DefaultInstall.Windows7$InstallDate$PerUserInit$SOFTWARE\Microsoft\Internet Explorer\New Windows$SOFTWARE\Microsoft\Internet Explorer\Unattend\New Windows$ShellFolder$Software\Microsoft\Internet Explorer\SQM$Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}$ieuinit.inf$mydocs.dll
              • API String ID: 1390537773-2640647115
              • Opcode ID: c2174abbe7ee1ada879519ae8abbd446766d3185761d58f5df5f0d0c5200438a
              • Instruction ID: d8946eeb9c96d5b6a0a61f3a52f4eec1e9196a6c4fcf6d2b8f75ef2fc5230261
              • Opcode Fuzzy Hash: c2174abbe7ee1ada879519ae8abbd446766d3185761d58f5df5f0d0c5200438a
              • Instruction Fuzzy Hash: DFD13537628B82C6EB10CF54E8946B9BBA0FB8AB94F445135DA4D87764DF3CE945CB00
              Uniqueness

              Uniqueness Score: -1.00%

              Control-flow Graph

              control_flow_graph: first block 7ff674b245d0-7ff674b24639 (node and edge listing omitted; the API calls in this graph are listed under APIs below)
              APIs
              • GetShortPathNameW.KERNEL32 ref: 00007FF674B24622
              • GetShortPathNameW.KERNEL32 ref: 00007FF674B24672
              • PathFindFileNameW.SHLWAPI(?,00000000,?,00000000,00000001,00000000,-000009FE,00007FF674B24D12), ref: 00007FF674B24687
                • Part of subcall function 00007FF674B2AB18: LocalFree.KERNEL32 ref: 00007FF674B2AD46
              • GetCurrentDirectoryW.KERNEL32(?,00000000,?,00000000,00000001,00000000,-000009FE,00007FF674B24D12), ref: 00007FF674B246B6
              • SetCurrentDirectoryW.KERNEL32(?,00000000,?,00000000,00000001,00000000,-000009FE,00007FF674B24D12), ref: 00007FF674B246CD
              • FindFirstFileW.KERNEL32(?,00000000,?,00000000,00000001,00000000,-000009FE,00007FF674B24D12), ref: 00007FF674B246ED
              • CoCreateInstance.OLE32(?,00000000,?,00000000,00000001,00000000,-000009FE,00007FF674B24D12), ref: 00007FF674B24724
              • StrCmpIW.SHLWAPI(?,00000000,?,00000000,00000001,00000000,-000009FE,00007FF674B24D12), ref: 00007FF674B247B4
              • StrCmpIW.SHLWAPI(?,00000000,?,00000000,00000001,00000000,-000009FE,00007FF674B24D12), ref: 00007FF674B247E0
              • PathRemoveBlanksW.SHLWAPI(?,00000000,?,00000000,00000001,00000000,-000009FE,00007FF674B24D12), ref: 00007FF674B2481E
              • StrCmpICW.SHLWAPI(?,00000000,?,00000000,00000001,00000000,-000009FE,00007FF674B24D12), ref: 00007FF674B24842
              • StrCmpICW.SHLWAPI(?,00000000,?,00000000,00000001,00000000,-000009FE,00007FF674B24D12), ref: 00007FF674B24860
              • ILCreateFromPath.SHELL32 ref: 00007FF674B248B0
              • ILCreateFromPath.SHELL32 ref: 00007FF674B248ED
              • RegOpenKeyExW.ADVAPI32(?,00000000,?,00000000,00000001,00000000,-000009FE,00007FF674B24D12), ref: 00007FF674B24937
              • StrCmpIW.SHLWAPI(?,00000000,?,00000000,00000001,00000000,-000009FE,00007FF674B24D12), ref: 00007FF674B24986
              • RegCloseKey.ADVAPI32(?,00000000,?,00000000,00000001,00000000,-000009FE,00007FF674B24D12), ref: 00007FF674B249A7
              • ILFree.SHELL32(?,00000000,?,00000000,00000001,00000000,-000009FE,00007FF674B24D12), ref: 00007FF674B249B8
              • FindNextFileW.KERNEL32(?,00000000,?,00000000,00000001,00000000,-000009FE,00007FF674B24D12), ref: 00007FF674B249CC
              • FindClose.KERNEL32(?,00000000,?,00000000,00000001,00000000,-000009FE,00007FF674B24D12), ref: 00007FF674B24A07
                • Part of subcall function 00007FF674B2A334: wcschr.MSVCRT ref: 00007FF674B2A39C
              • FindFirstFileExW.KERNEL32(?,00000000,?,00000000,00000001,00000000,-000009FE,00007FF674B24D12), ref: 00007FF674B24A68
              • lstrcmpW.KERNEL32(?,00000000,?,00000000,00000001,00000000,-000009FE,00007FF674B24D12), ref: 00007FF674B24A8C
              • lstrcmpW.KERNEL32(?,00000000,?,00000000,00000001,00000000,-000009FE,00007FF674B24D12), ref: 00007FF674B24AA7
              • FindNextFileW.KERNEL32(?,00000000,?,00000000,00000001,00000000,-000009FE,00007FF674B24D12), ref: 00007FF674B24B17
              • FindClose.KERNEL32(?,00000000,?,00000000,00000001,00000000,-000009FE,00007FF674B24D12), ref: 00007FF674B24B2E
              • SetCurrentDirectoryW.KERNEL32(?,00000000,?,00000000,00000001,00000000,-000009FE,00007FF674B24D12), ref: 00007FF674B24B41
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2099260182.00007FF674B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF674B20000, based on PE: true
              • Associated: 00000000.00000002.2099242774.00007FF674B20000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099286845.00007FF674B4E000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099313401.00007FF674B5E000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099334936.00007FF674B60000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099334936.00007FF674B63000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ff674b20000_ie4uinit.jbxd
              Similarity
              • API ID: Find$Path$File$CloseCreateCurrentDirectoryName$FirstFreeFromNextShortlstrcmp$BlanksInstanceLocalOpenRemovewcschr
              • String ID: *.lnk$-extoff$-nohome$IEXPLORE.EXE$Software\Clients\StartMenuInternet$shell:::{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}$shell:::{871C5380-42A0-1069-A2EA-08002B30309D}
              • API String ID: 1000041407-3405740670
              • Opcode ID: 12b338869ac055bfbfede1c304d72bf4f993c3a24294629947afc1739973ac51
              • Instruction ID: f4ab3203856d9a9be6d4940560360db542273299b2e66469c78a6da9641b9430
              • Opcode Fuzzy Hash: 12b338869ac055bfbfede1c304d72bf4f993c3a24294629947afc1739973ac51
              • Instruction Fuzzy Hash: 25E10037628A86D6EB50DF25E8881B9B760FB8AF95F405131DA0DC7A94DF3CE949C700
              Uniqueness

              Uniqueness Score: -1.00%

              Control-flow Graph

              • Executed
              • Not Executed
              control_flow_graph: first block 7ff674b22b70-7ff674b22bcb (node and edge listing omitted). APIs named in the graph: InitOnceExecuteOnce, CoInitializeEx, SHGetKnownFolderPath, GetTickCount, GetShellWindow, Sleep, SHChangeNotify, CoUninitialize, LoadLibraryExW, GetProcAddress, FreeLibrary, CoTaskMemFree, SHGetFolderPathW
              APIs
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2099260182.00007FF674B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF674B20000, based on PE: true
              • Associated: 00000000.00000002.2099242774.00007FF674B20000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099286845.00007FF674B4E000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099313401.00007FF674B5E000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099334936.00007FF674B60000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099334936.00007FF674B63000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ff674b20000_ie4uinit.jbxd
              Similarity
              • API ID: CountSleepTick$FolderFreeLibraryMessageOncePathShellWindow$AddressChangeExecuteFormatInitInitializeKnownLoadLocalNotifyPostProcTaskThreadTimeUninitialize
              • String ID: In CmdClearIconCache$In MigrateWinInetCache$MigrateCacheForCurrentUser$MigrateCacheForCurrentUser() returned: 0x%1!08lX!$migration\WininetPlugin.dll
              • API String ID: 2252748604-3922426855
              • Opcode ID: c76efddafdf2c0a565b18acd89d85bdb2a0319ff8dafd2594191556a9968fab7
              • Instruction ID: 5b2094f34e2c3d4ca6d1454a479b10e5a2fe71b55a43ccb923d06a980e6ee032
              • Opcode Fuzzy Hash: c76efddafdf2c0a565b18acd89d85bdb2a0319ff8dafd2594191556a9968fab7
              • Instruction Fuzzy Hash: F0612133A28A42C6EB549B64E8D86B9A7A0FF8BF41F405535DA0EC3695DF3CE844C700
              Uniqueness

              Uniqueness Score: -1.00%

              Control-flow Graph

              • Executed
              • Not Executed
              control_flow_graph: first block 7ff674b234f8-7ff674b2357e (node and edge listing omitted). APIs named in the graph: EventRegister, EventSetInformation, HeapSetInformation, OleInitialize, SetErrorMode, CommandLineToArgvW, GetLastError, memset, EventUnregister, OleUninitialize, CreateEventW, CreateThread, WaitForSingleObject, CloseHandle, LocalFree, StrCmpNIW
              APIs
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2099260182.00007FF674B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF674B20000, based on PE: true
              • Associated: 00000000.00000002.2099242774.00007FF674B20000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099286845.00007FF674B4E000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099313401.00007FF674B5E000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099334936.00007FF674B60000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099334936.00007FF674B63000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ff674b20000_ie4uinit.jbxd
              Similarity
              • API ID: Event$CreateErrorInformation$ArgvCloseCommandFreeHandleHeapInitializeLastLineLocalModeObjectRegisterSingleThreadUninitializeUnregisterWaitmemset
              • String ID: Command Result: 0x%1!08lx!$Executing Command: %1!lS!$Starting ie4uinit.exe. Command Line:%1!lS!$ie4uInit.exe exiting. Process Result: 0x%1!08lx!======================================================$ie4uinit%s.log
              • API String ID: 3658610800-118140733
              • Opcode ID: c91161290317f067eff6c316cf6bb48b25ac0183bb98f27e52d42ed7f1f09385
              • Instruction ID: 9f5531779b89b9732ee8c7fca4b7daecdab41ea270804e646e40ae2b53bdd15b
              • Opcode Fuzzy Hash: c91161290317f067eff6c316cf6bb48b25ac0183bb98f27e52d42ed7f1f09385
              • Instruction Fuzzy Hash: 69A14133A28B82C6E710DF65E8885B9B7A0FB8AF80F455135D94E87660DF3CE985C700
              Uniqueness

              Uniqueness Score: -1.00%

              Control-flow Graph

              • Executed
              • Not Executed
              control_flow_graph: first block 7ff674b25b88-7ff674b25bec (node and edge listing omitted; the API calls in this graph are listed under APIs below)
              APIs
                • Part of subcall function 00007FF674B266E8: GetLocalTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF674B21A63), ref: 00007FF674B26721
                • Part of subcall function 00007FF674B266E8: FormatMessageW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF674B21A63), ref: 00007FF674B26799
                • Part of subcall function 00007FF674B266E8: PostThreadMessageW.USER32 ref: 00007FF674B267B9
                • Part of subcall function 00007FF674B25944: CreateFileW.KERNEL32 ref: 00007FF674B259AE
                • Part of subcall function 00007FF674B25944: GetLastError.KERNEL32 ref: 00007FF674B259C3
                • Part of subcall function 00007FF674B25944: GetLastError.KERNEL32 ref: 00007FF674B259D9
                • Part of subcall function 00007FF674B25944: ReadFile.KERNEL32 ref: 00007FF674B25A2B
                • Part of subcall function 00007FF674B25944: CloseHandle.KERNEL32 ref: 00007FF674B25A89
                • Part of subcall function 00007FF674B25944: DeleteFileW.KERNEL32 ref: 00007FF674B25AB7
                • Part of subcall function 00007FF674B25944: GetLastError.KERNEL32 ref: 00007FF674B25AC7
                • Part of subcall function 00007FF674B25944: GetLastError.KERNEL32 ref: 00007FF674B25ADD
              • CoInitializeEx.OLE32 ref: 00007FF674B25BDE
              • InitOnceExecuteOnce.KERNEL32 ref: 00007FF674B25C38
              • SHGetSpecialFolderPathW.SHELL32 ref: 00007FF674B25CA3
              • PathFileExistsW.SHLWAPI ref: 00007FF674B25CDC
              • SetFileAttributesW.KERNEL32 ref: 00007FF674B25CF5
              • DeleteFileW.KERNEL32 ref: 00007FF674B25D05
              • SHGetSpecialFolderPathW.SHELL32 ref: 00007FF674B25D36
              • #654.IERTUTIL ref: 00007FF674B25DA6
                • Part of subcall function 00007FF674B24F14: SHGetSpecialFolderPathW.SHELL32 ref: 00007FF674B24F48
                • Part of subcall function 00007FF674B24F14: GetCurrentDirectoryW.KERNEL32 ref: 00007FF674B24F6A
                • Part of subcall function 00007FF674B24F14: GetModuleHandleW.KERNEL32 ref: 00007FF674B24F8D
                • Part of subcall function 00007FF674B24F14: LoadStringW.USER32 ref: 00007FF674B24FAB
                • Part of subcall function 00007FF674B24F14: GetCurrentDirectoryW.KERNEL32 ref: 00007FF674B24FD5
                • Part of subcall function 00007FF674B24F14: SHGetValueW.SHLWAPI ref: 00007FF674B2502E
                • Part of subcall function 00007FF674B24F14: GetModuleHandleW.KERNEL32 ref: 00007FF674B25040
                • Part of subcall function 00007FF674B24F14: LoadStringW.USER32 ref: 00007FF674B2505E
                • Part of subcall function 00007FF674B24F14: SHGetSpecialFolderPathW.SHELL32 ref: 00007FF674B2507C
                • Part of subcall function 00007FF674B24F14: GetCurrentDirectoryW.KERNEL32 ref: 00007FF674B250A6
                • Part of subcall function 00007FF674B25188: SHGetKnownFolderPath.SHELL32(00007FF674B22A2C), ref: 00007FF674B251B3
                • Part of subcall function 00007FF674B25188: CoTaskMemFree.OLE32 ref: 00007FF674B251DC
                • Part of subcall function 00007FF674B2520C: SHGetSpecialFolderPathW.SHELL32 ref: 00007FF674B25241
                • Part of subcall function 00007FF674B2520C: GetModuleHandleW.KERNEL32 ref: 00007FF674B2528E
                • Part of subcall function 00007FF674B2520C: LoadStringW.USER32 ref: 00007FF674B252AA
                • Part of subcall function 00007FF674B2520C: PathRemoveExtensionW.SHLWAPI ref: 00007FF674B252BB
                • Part of subcall function 00007FF674B2520C: GetModuleHandleW.KERNEL32 ref: 00007FF674B252F9
                • Part of subcall function 00007FF674B2520C: LoadStringW.USER32 ref: 00007FF674B25315
                • Part of subcall function 00007FF674B2520C: PathRemoveExtensionW.SHLWAPI ref: 00007FF674B25326
              • PostMessageW.USER32 ref: 00007FF674B25E89
                • Part of subcall function 00007FF674B27724: InitOnceExecuteOnce.KERNEL32(?,?,?,?,00007FF674B2CBF9), ref: 00007FF674B2773C
              • #281.IERTUTIL ref: 00007FF674B25EE0
              • #282.IERTUTIL ref: 00007FF674B25EFE
              • CoUninitialize.OLE32 ref: 00007FF674B25F44
                • Part of subcall function 00007FF674B2BE44: SetFileAttributesW.KERNEL32 ref: 00007FF674B2BF48
                • Part of subcall function 00007FF674B2BE44: wcscat_s.MSVCRT ref: 00007FF674B2C013
                • Part of subcall function 00007FF674B2BE44: wcscat_s.MSVCRT ref: 00007FF674B2C030
                • Part of subcall function 00007FF674B2BE44: FindFirstFileW.KERNEL32 ref: 00007FF674B2C048
                • Part of subcall function 00007FF674B23988: memset.MSVCRT ref: 00007FF674B239CE
                • Part of subcall function 00007FF674B23988: GetVersionExA.KERNEL32 ref: 00007FF674B239D8
              Strings
              • In UserConfigIE. fRunningInstallStub=%1!d!, xrefs: 00007FF674B25BBB
              • In ShowIEDesktopIcon. fShow=%1!d!, xrefs: 00007FF674B25C0C
              • SBE is enabled. Set fShow to FALSE, xrefs: 00007FF674B25C4D
              • In ShowUserShortcuts. lsnSM=%1!d!, fShow=%2!d!, xrefs: 00007FF674B25D14
              • Software\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories\{00021494-0000-0000-C000-00000000004, xrefs: 00007FF674B25F38
              • Software\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories\{00021493-0000-0000-C000-00000000004, xrefs: 00007FF674B25F2C
              • Software\Clients\StartMenuInternet, xrefs: 00007FF674B25E77
              • Adobe\Flash Player\NativeCache, xrefs: 00007FF674B25E9E
              Memory Dump Source
              • Source File: 00000000.00000002.2099260182.00007FF674B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF674B20000, based on PE: true
              • Associated: 00000000.00000002.2099242774.00007FF674B20000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099286845.00007FF674B4E000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099313401.00007FF674B5E000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099334936.00007FF674B60000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099334936.00007FF674B63000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ff674b20000_ie4uinit.jbxd
              Similarity
              • API ID: Path$File$Folder$HandleSpecial$ErrorLastLoadModuleOnceString$CurrentDirectoryMessage$AttributesDeleteExecuteExtensionInitPostRemovewcscat_s$#281#282#650#654CloseCreateExistsFindFirstFormatFreeInitializeKnownLocalReadTaskThreadTimeUninitializeValueVersionmemset
              • String ID: SBE is enabled. Set fShow to FALSE$Adobe\Flash Player\NativeCache$In ShowIEDesktopIcon. fShow=%1!d!$In ShowUserShortcuts. lsnSM=%1!d!, fShow=%2!d!$In UserConfigIE. fRunningInstallStub=%1!d!$Software\Clients\StartMenuInternet$Software\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories\{00021493-0000-0000-C000-00000000004$Software\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories\{00021494-0000-0000-C000-00000000004
              • API String ID: 503798684-980884874
              • Opcode ID: d41faeff84721ed1bd9eaa6f3b68f0cf017f28b01f6268df5b61b9c9ec436956
              • Instruction ID: 4a25ab73100f15af691a14ba49e929e86a8f2cc16b1e37e00b1297baa7802b89
              • Opcode Fuzzy Hash: d41faeff84721ed1bd9eaa6f3b68f0cf017f28b01f6268df5b61b9c9ec436956
              • Instruction Fuzzy Hash: E3B17F33A38642C6E710DB24E8D8AB9A760FF8AB84F405035E94E97695DF3CE945CB00
              Uniqueness

              Uniqueness Score: -1.00%

              Control-flow Graph

              • Executed
              • Not Executed
              control_flow_graph: first block 7ff674b38a44-7ff674b38a7d (node and edge listing omitted). APIs named in the graph: SysFreeString, StrCmpNW, SysStringLen
              APIs
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2099260182.00007FF674B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF674B20000, based on PE: true
              • Associated: 00000000.00000002.2099242774.00007FF674B20000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099286845.00007FF674B4E000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099313401.00007FF674B5E000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099334936.00007FF674B60000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099334936.00007FF674B63000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ff674b20000_ie4uinit.jbxd
              Similarity
              • API ID: String$Free$AllocHeap$CreateInstanceProcess
              • String ID: NOTFOUND$publiccertificate$signvalue$status$thumbprint
              • API String ID: 1790882235-479019699
              • Opcode ID: 0d54c112cf1ae56cca4db049aa18286424ddc298f1a7c7ab1b99240555bf85c3
              • Instruction ID: bbc2763455164bd92e2c1ca9d6fef8c92f1f786a3544e05a93c4c80e6dc99f36
              • Opcode Fuzzy Hash: 0d54c112cf1ae56cca4db049aa18286424ddc298f1a7c7ab1b99240555bf85c3
              • Instruction Fuzzy Hash: B232F52BA29B06C6EF548F6AD49836863A1FF86F84F054532DE0E97764DF39E844C341
              Uniqueness

              Uniqueness Score: -1.00%

              Control-flow Graph

              • Executed
              • Not Executed
              control_flow_graph: first block 7ff674b39428-7ff674b3946e (node and edge listing omitted). APIs named in the graph: SysAllocString, SysStringLen, HttpSendRequestW, HttpQueryInfoW, InternetReadFile, GetLastError, SysStringByteLen, SysAllocStringByteLen, SysFreeString
              APIs
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2099260182.00007FF674B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF674B20000, based on PE: true
              • Associated: 00000000.00000002.2099242774.00007FF674B20000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099286845.00007FF674B4E000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099313401.00007FF674B5E000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099334936.00007FF674B60000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099334936.00007FF674B63000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ff674b20000_ie4uinit.jbxd
              Similarity
              • API ID: String$Alloc$ByteErrorFreeHeapHttpLast$FileInfoInternetProcessQueryReadRequestSend
              • String ID: &clientkey=$&mac=$Content-Type: text/xml; charset=utf-8$https://ieonline.microsoft.com/EUPP/v1/service?action=signvalue&appid=Microsoft_IE_EUPP
              • API String ID: 2461892178-91891535
              • Opcode ID: 26c21fecc66d493dde6acd165f7bb7267dba74518328a5f411d9d28c9933de08
              • Instruction ID: c4ac1d2c2a7fb6ee142aaddc837279e2923db785805d6c9b44ed1f97746bfb69
              • Opcode Fuzzy Hash: 26c21fecc66d493dde6acd165f7bb7267dba74518328a5f411d9d28c9933de08
              • Instruction Fuzzy Hash: 14B15C23A28A52C7EB119F3698883B966A4FB4BF94F094535DE0E97784DF3CE8458740
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • GetCurrentProcessId.KERNEL32 ref: 00007FF674B2B014
                • Part of subcall function 00007FF674B21574: _vsnwprintf.MSVCRT ref: 00007FF674B215B4
              • CreateMutexExW.KERNEL32 ref: 00007FF674B2B056
              • WaitForSingleObjectEx.KERNEL32 ref: 00007FF674B2B07F
                • Part of subcall function 00007FF674B2899C: GetLastError.KERNEL32 ref: 00007FF674B289A0
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2099260182.00007FF674B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF674B20000, based on PE: true
              • Associated: 00000000.00000002.2099242774.00007FF674B20000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099286845.00007FF674B4E000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099313401.00007FF674B5E000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099334936.00007FF674B60000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099334936.00007FF674B63000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ff674b20000_ie4uinit.jbxd
              Similarity
              • API ID: CreateCurrentErrorLastMutexObjectProcessSingleWait_vsnwprintf
              • String ID: Local\SM0:%d:%d:%hs$onecore\internal\sdk\inc\wil\opensource\wil\resource.h$wil$x
              • API String ID: 3333087404-3363748427
              • Opcode ID: 4e1b66a85bcca95b83280eb80358548f95c6b66c4e9b49a9152eb0d8a43a916d
              • Instruction ID: a53b8655fc8b919f3663c79143f7613fe209b47aa52e45c7bacc3efe41c6ec77
              • Opcode Fuzzy Hash: 4e1b66a85bcca95b83280eb80358548f95c6b66c4e9b49a9152eb0d8a43a916d
              • Instruction Fuzzy Hash: 65817233A28A42C2EB21DF65E4986BAB760FB8AF84F444135DA4D97755DF3CE845C700
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
                • Part of subcall function 00007FF674B266E8: GetLocalTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF674B21A63), ref: 00007FF674B26721
                • Part of subcall function 00007FF674B266E8: FormatMessageW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF674B21A63), ref: 00007FF674B26799
                • Part of subcall function 00007FF674B266E8: PostThreadMessageW.USER32 ref: 00007FF674B267B9
              • CoInitializeEx.OLE32(?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF674B22A2C), ref: 00007FF674B260CC
              • RegOpenKeyExW.ADVAPI32 ref: 00007FF674B262B2
              • RegOpenKeyExW.ADVAPI32 ref: 00007FF674B262EB
              • RegDeleteKeyW.ADVAPI32 ref: 00007FF674B26310
              • PostMessageW.USER32 ref: 00007FF674B26338
              • SHChangeNotify.SHELL32 ref: 00007FF674B26356
              • CoUninitialize.OLE32 ref: 00007FF674B26362
                • Part of subcall function 00007FF674B23CD8: GetVersionExW.KERNEL32 ref: 00007FF674B23CFE
                • Part of subcall function 00007FF674B23EDC: RegCreateKeyExW.ADVAPI32 ref: 00007FF674B23F32
                • Part of subcall function 00007FF674B23EDC: RegSetValueW.ADVAPI32 ref: 00007FF674B23FEB
                • Part of subcall function 00007FF674B23EDC: RegCloseKey.ADVAPI32 ref: 00007FF674B23FFC
                • Part of subcall function 00007FF674B250F0: SHGetSpecialFolderPathW.SHELL32 ref: 00007FF674B25132
                • Part of subcall function 00007FF674B25188: SHGetKnownFolderPath.SHELL32(00007FF674B22A2C), ref: 00007FF674B251B3
                • Part of subcall function 00007FF674B25188: CoTaskMemFree.OLE32 ref: 00007FF674B251DC
                • Part of subcall function 00007FF674B2520C: SHGetSpecialFolderPathW.SHELL32 ref: 00007FF674B25241
                • Part of subcall function 00007FF674B2520C: GetModuleHandleW.KERNEL32 ref: 00007FF674B2528E
                • Part of subcall function 00007FF674B2520C: LoadStringW.USER32 ref: 00007FF674B252AA
                • Part of subcall function 00007FF674B2520C: PathRemoveExtensionW.SHLWAPI ref: 00007FF674B252BB
                • Part of subcall function 00007FF674B2520C: GetModuleHandleW.KERNEL32 ref: 00007FF674B252F9
                • Part of subcall function 00007FF674B2520C: LoadStringW.USER32 ref: 00007FF674B25315
                • Part of subcall function 00007FF674B2520C: PathRemoveExtensionW.SHLWAPI ref: 00007FF674B25326
                • Part of subcall function 00007FF674B268E0: SHCreateItemFromParsingName.SHELL32 ref: 00007FF674B268F4
                • Part of subcall function 00007FF674B268E0: CoCreateInstance.OLE32 ref: 00007FF674B26924
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2099260182.00007FF674B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF674B20000, based on PE: true
              • Associated: 00000000.00000002.2099242774.00007FF674B20000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099286845.00007FF674B4E000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099313401.00007FF674B5E000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099334936.00007FF674B60000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099334936.00007FF674B63000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ff674b20000_ie4uinit.jbxd
              Similarity
              • API ID: Path$CreateFolderMessage$ExtensionHandleLoadModuleOpenPostRemoveSpecialString$ChangeCloseDeleteFormatFreeFromInitializeInstanceItemKnownLocalNameNotifyParsingTaskThreadTimeUninitializeValueVersion
              • String ID: In SetIEShowHideFlags. fShow=%1!d!, fPreserveSpadValues=%2!d!$In ShowHideIE. fShow=%1!d!, fForceAssociations=%2!d!, fPreserveSpadValues=%3!d!$Locale$Software\Clients\StartMenuInternet$Software\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}$Version$shell:::{871C5380-42A0-1069-A2EA-08002B30309D}
              • API String ID: 2920985195-3834798340
              • Opcode ID: 51dfb5291f5a70fcc6bfd49ad1c65dd96561e4be8d432076c7aa28d2bc72d843
              • Instruction ID: a6e5d98661a2c64e9f2c3beb13d2069d8169986ccc87d5bee5da79bc7d5e2770
              • Opcode Fuzzy Hash: 51dfb5291f5a70fcc6bfd49ad1c65dd96561e4be8d432076c7aa28d2bc72d843
              • Instruction Fuzzy Hash: E981C023F28642C6F710DB25A8C8AB9A660BF9AF84F406534DD0D97696DF3CED49C700
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2099260182.00007FF674B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF674B20000, based on PE: true
              • Associated: 00000000.00000002.2099242774.00007FF674B20000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099286845.00007FF674B4E000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099313401.00007FF674B5E000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099334936.00007FF674B60000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099334936.00007FF674B63000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ff674b20000_ie4uinit.jbxd
              Similarity
              • API ID: Internet$ErrorLastString$CloseHandleHttp$FreeOpenRequest$AllocCanonicalizeConnectCrackFileInfoQueryReadSendmemset
              • String ID: IE_EUPP$POST
              • API String ID: 1847757306-3869093421
              • Opcode ID: ba3e533db3d407efd3c5f658493dd1e50e431329b58360ea42ebc0e4c1b34b0e
              • Instruction ID: 65ebe3e538f312e9824e47ca161ea37a5f0feb0c400570a509652b97206ae6ff
              • Opcode Fuzzy Hash: ba3e533db3d407efd3c5f658493dd1e50e431329b58360ea42ebc0e4c1b34b0e
              • Instruction Fuzzy Hash: 64518373618B81CAE7209F65E8986AABBA0FB8AB85F445135DE4D83754DF3CD905CB00
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2099260182.00007FF674B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF674B20000, based on PE: true
              • Associated: 00000000.00000002.2099242774.00007FF674B20000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099286845.00007FF674B4E000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099313401.00007FF674B5E000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099334936.00007FF674B60000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099334936.00007FF674B63000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ff674b20000_ie4uinit.jbxd
              Similarity
              • API ID: Library$AddressProcValue$FreeLicenseLoadQuery
              • String ID: AllowTelemetry$AllowTelemetry_PolicyManager$CodeIntegrity.Telemetry$NtQuerySecurityPolicy$OptInLevel$Reserved.PlatformSigned$Software\Policies\Microsoft\Windows\DataCollection$ntdll.dll
              • API String ID: 1629355636-1971245831
              • Opcode ID: 58153877028cc207b23342fb6e019d5e90d2b3fbfe5319eb45a851325eb809a4
              • Instruction ID: 32572de0b20f5e7e6e0e55bf4389e23eacde863bbe94069b690e0396db219b0c
              • Opcode Fuzzy Hash: 58153877028cc207b23342fb6e019d5e90d2b3fbfe5319eb45a851325eb809a4
              • Instruction Fuzzy Hash: D7A16D77A24742CAE7158F68D4C82E87BA0FB0AB98F504136DE0D93798EF39D985C750
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • GetCurrentProcessId.KERNEL32 ref: 00007FF674B46954
                • Part of subcall function 00007FF674B21574: _vsnwprintf.MSVCRT ref: 00007FF674B215B4
              • CreateMutexExW.KERNEL32 ref: 00007FF674B46996
              • WaitForSingleObjectEx.KERNEL32 ref: 00007FF674B469BF
                • Part of subcall function 00007FF674B2899C: GetLastError.KERNEL32 ref: 00007FF674B289A0
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2099260182.00007FF674B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF674B20000, based on PE: true
              • Associated: 00000000.00000002.2099242774.00007FF674B20000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099286845.00007FF674B4E000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099313401.00007FF674B5E000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099334936.00007FF674B60000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099334936.00007FF674B63000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ff674b20000_ie4uinit.jbxd
              Similarity
              • API ID: CreateCurrentErrorLastMutexObjectProcessSingleWait_vsnwprintf
              • String ID: Local\SM0:%d:%d:%hs$onecore\internal\sdk\inc\wil\opensource\wil\resource.h$wil
              • API String ID: 3333087404-847674279
              • Opcode ID: e768dbed83ba385b23fc2c8b1f8f5ba2f3c5fcdde328f5b82fdacd1f3d40aa78
              • Instruction ID: 7d0c456a05d8c1a53782010178f8bc36477064a4a3c8bbcb2c8643994cbae8e2
              • Opcode Fuzzy Hash: e768dbed83ba385b23fc2c8b1f8f5ba2f3c5fcdde328f5b82fdacd1f3d40aa78
              • Instruction Fuzzy Hash: F7819573628A42C2E760DB65E4992B9A760FB8BFD4F448131DA4E87795DF3CE8458700
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2099260182.00007FF674B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF674B20000, based on PE: true
              • Associated: 00000000.00000002.2099242774.00007FF674B20000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099286845.00007FF674B4E000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099313401.00007FF674B5E000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099334936.00007FF674B60000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099334936.00007FF674B63000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ff674b20000_ie4uinit.jbxd
              Similarity
              • API ID: File$CloseHandleMessageTaskwcscat_s$#820ActiveAllocAttributesBrandCreateDeleteFindFirstFormatFreeLocalModuleNamePostProcessSetupThreadTimememset
              • String ID: -ClearIconCache$In CmdClearIconCacheOnStartup$In CmdOldUserInstall$SIGNUP$SOFTWARE\Microsoft\Active Setup\Installed Components\{2D46B6DC-2207-486B-B523-A557E6D54B47}$h
              • API String ID: 492487243-1244318026
              • Opcode ID: a0e4242b6bb6a4f1bd931a2b3f6605bf2f64768bcdbb8fadd79dd7b0dededb28
              • Instruction ID: 738995209650b2c4441f6e301ee1b3526d9e0a5b81895b6b740f3273ab463b0b
              • Opcode Fuzzy Hash: a0e4242b6bb6a4f1bd931a2b3f6605bf2f64768bcdbb8fadd79dd7b0dededb28
              • Instruction Fuzzy Hash: 50418733A28A42C6E710DB24E4887BAB7A0FF8AB54F815135D54DC7955DF7CD549CB00
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              Memory Dump Source
              • Source File: 00000000.00000002.2099260182.00007FF674B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF674B20000, based on PE: true
              • Associated: 00000000.00000002.2099242774.00007FF674B20000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099286845.00007FF674B4E000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099313401.00007FF674B5E000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099334936.00007FF674B60000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099334936.00007FF674B63000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ff674b20000_ie4uinit.jbxd
              Similarity
              • API ID: ErrorLast$Crypt$Encryptmemcpy_s$Param
              • String ID:
              • API String ID: 2866623800-0
              • Opcode ID: 8be2f38d318b77d545bf02cc743ee1b4ebe2e8a3ebeb97f5eb84f5401a0f1d1c
              • Instruction ID: c425990157ba9ce9962719e63907587442c953aa316d1cd7ad7f8dbe10ade0d4
              • Opcode Fuzzy Hash: 8be2f38d318b77d545bf02cc743ee1b4ebe2e8a3ebeb97f5eb84f5401a0f1d1c
              • Instruction Fuzzy Hash: 12715233A18B86CAE7645F59A488779BAA4FF8AFC4F458134DE49C3644DF3CE8049741
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2099260182.00007FF674B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF674B20000, based on PE: true
              • Associated: 00000000.00000002.2099242774.00007FF674B20000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099286845.00007FF674B4E000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099313401.00007FF674B5E000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099334936.00007FF674B60000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099334936.00007FF674B63000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ff674b20000_ie4uinit.jbxd
              Similarity
              • API ID: FileFind$CloseErrorLastwcscat_s$#149CreateFirstHandleNextwcscpy_s
              • String ID: .
              • API String ID: 2239470773-248832578
              • Opcode ID: f008a50d0a282a497e30cf7c828cdb131c741717744b734e58d450f3c4f62908
              • Instruction ID: ac2b4d99c92a125d4c4ae2203b3212b628bed8850823339b600b2b63e8153b09
              • Opcode Fuzzy Hash: f008a50d0a282a497e30cf7c828cdb131c741717744b734e58d450f3c4f62908
              • Instruction Fuzzy Hash: 46513033618A82CAE7219F65E4882BABBB0FB4AB94F405131DE4D87694DF7CD949C740
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2099260182.00007FF674B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF674B20000, based on PE: true
              • Associated: 00000000.00000002.2099242774.00007FF674B20000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099286845.00007FF674B4E000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099313401.00007FF674B5E000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099334936.00007FF674B60000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099334936.00007FF674B63000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ff674b20000_ie4uinit.jbxd
              Similarity
              • API ID: Heap$Process$AddressAllocCloseEnumFreeInfoLibraryLoadOpenProcQuerymemset
              • String ID: \Users
              • API String ID: 3246958429-3656258783
              • Opcode ID: 4936f739c7c3f11413a2ccd7c8750c1b3afaf99fbc9a789f57217991891f4188
              • Instruction ID: aba5cf4208d4906b81a3ee6365aa96dbfefdbfc72417c7077d5c5ab45a7e9d17
              • Opcode Fuzzy Hash: 4936f739c7c3f11413a2ccd7c8750c1b3afaf99fbc9a789f57217991891f4188
              • Instruction Fuzzy Hash: BB717633A18781C7E7108F69A4843AABAA4FB8AB94F504235DE8D97754DF3CD946CB40
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              Memory Dump Source
              • Source File: 00000000.00000002.2099260182.00007FF674B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF674B20000, based on PE: true
              • Associated: 00000000.00000002.2099242774.00007FF674B20000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099286845.00007FF674B4E000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099313401.00007FF674B5E000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099334936.00007FF674B60000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099334936.00007FF674B63000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ff674b20000_ie4uinit.jbxd
              Similarity
              • API ID: wcscat_s$FileFind$FolderPath$AttributesCloseErrorFirstLastNext
              • String ID:
              • API String ID: 1467164853-0
              • Opcode ID: f12e9b86f85f06c19c7fa6bd0e87e8bfb962c93708858dfe9d94cec63dcfa135
              • Instruction ID: 3028ec11423cc0063860a7c26601ed2df85d41cb8311039173d638079e10cced
              • Opcode Fuzzy Hash: f12e9b86f85f06c19c7fa6bd0e87e8bfb962c93708858dfe9d94cec63dcfa135
              • Instruction Fuzzy Hash: A7917F33628B82CAE760CF25D4842BAB7B0FB4AB58F405231DA5E87794DF39E955C700
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              Memory Dump Source
              • Source File: 00000000.00000002.2099260182.00007FF674B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF674B20000, based on PE: true
              • Associated: 00000000.00000002.2099242774.00007FF674B20000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099286845.00007FF674B4E000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099313401.00007FF674B5E000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099334936.00007FF674B60000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099334936.00007FF674B63000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ff674b20000_ie4uinit.jbxd
              Similarity
              • API ID: Progress$#701$CriticalInfoSectionSystem$EnterLeaveLocaleName
              • String ID:
              • API String ID: 4012763942-0
              • Opcode ID: f6bf05161040f0e39d6b128640514a387d574d76e5d44c79f1733446c3cdcf89
              • Instruction ID: fb562ef1c5336867c8eea09bb4b5ffad37ab7f2272e9755863328ae8129b8721
              • Opcode Fuzzy Hash: f6bf05161040f0e39d6b128640514a387d574d76e5d44c79f1733446c3cdcf89
              • Instruction Fuzzy Hash: 02513F23E29A47C6FA50DB64E4DC278A761AF9BF45F448174C90EC3292DF2DBC86C611
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              Memory Dump Source
              • Source File: 00000000.00000002.2099260182.00007FF674B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF674B20000, based on PE: true
              • Associated: 00000000.00000002.2099242774.00007FF674B20000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099286845.00007FF674B4E000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099313401.00007FF674B5E000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099334936.00007FF674B60000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099334936.00007FF674B63000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ff674b20000_ie4uinit.jbxd
              Similarity
              • API ID: ErrorLast$CryptHash$Param$CreateDataDestroy
              • String ID:
              • API String ID: 2164413237-0
              • Opcode ID: 0677921c7873d9e26123bdd32bc7af7f9c069c4b3c1de20bbab9879168927b8f
              • Instruction ID: f0a791bbb5f6b1f58ed5f9e13a0e72943f2e21d87d71bd70e62fc34a3942737c
              • Opcode Fuzzy Hash: 0677921c7873d9e26123bdd32bc7af7f9c069c4b3c1de20bbab9879168927b8f
              • Instruction Fuzzy Hash: B8415A23A14B42CAE7508FB5A8886B96AA0FB8EFC5F559134DE0DC3714DF78D845D710
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              Memory Dump Source
              • Source File: 00000000.00000002.2099260182.00007FF674B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF674B20000, based on PE: true
              • Associated: 00000000.00000002.2099242774.00007FF674B20000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099286845.00007FF674B4E000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099313401.00007FF674B5E000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099334936.00007FF674B60000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099334936.00007FF674B63000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ff674b20000_ie4uinit.jbxd
              Similarity
              • API ID: ErrorLast$Crypt$Hash$CreateDataDeriveDestroymemcpy_s
              • String ID:
              • API String ID: 628050030-0
              • Opcode ID: 757bcc50501b083fa4f97aeafdf3291241dcb769b1309e26ce1440de5bdc71aa
              • Instruction ID: ace212825d3c7510b9d76461ce51b4f72861eba033f99be0b72e3eb8467c10cf
              • Opcode Fuzzy Hash: 757bcc50501b083fa4f97aeafdf3291241dcb769b1309e26ce1440de5bdc71aa
              • Instruction Fuzzy Hash: 41412036B14A82CAE7105F65A898679BBA0FB8AFC5F589134DA4EC3754DF3CD8058700
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              Memory Dump Source
              • Source File: 00000000.00000002.2099260182.00007FF674B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF674B20000, based on PE: true
              • Associated: 00000000.00000002.2099242774.00007FF674B20000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099286845.00007FF674B4E000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099313401.00007FF674B5E000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099334936.00007FF674B60000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099334936.00007FF674B63000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ff674b20000_ie4uinit.jbxd
              Similarity
              • API ID: Resource$#650CreateFile$#654CloseDirectoryFindHandleLoadLockSizeofWritewcsrchr
              • String ID:
              • API String ID: 3992202063-0
              • Opcode ID: e663a5a9296f81b5ce4c4dc3147b47dc55602735e08862a974465eae1023ae49
              • Instruction ID: 504a70d8a017ee3d81ea958e4d50be06e0564534cc86b7865ef39b5d6d5fcb62
              • Opcode Fuzzy Hash: e663a5a9296f81b5ce4c4dc3147b47dc55602735e08862a974465eae1023ae49
              • Instruction Fuzzy Hash: BC515033629B81C7EB10CF25E4885A9BBA0FB8AB90F559135DA4D47B54DF3DD909CB00
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2099260182.00007FF674B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF674B20000, based on PE: true
              • Associated: 00000000.00000002.2099242774.00007FF674B20000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099286845.00007FF674B4E000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099313401.00007FF674B5E000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099334936.00007FF674B60000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099334936.00007FF674B63000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ff674b20000_ie4uinit.jbxd
              Similarity
              • API ID: Cert$Certificate$Chain$StoreUsage$EnhancedErrorFreeLastPolicyVerify$CloseContextCryptFindImportInfoIntendedOpenPublic
              • String ID: Trust
              • API String ID: 1112488655-3418866602
              • Opcode ID: 418a099fe22bddacef5450bc4e7ea9d1b8a840be03ec48669bb194fea85fa35f
              • Instruction ID: 42b568c81e4be785982f15e31193adfc381212093fb30527db316a192a297fd2
              • Opcode Fuzzy Hash: 418a099fe22bddacef5450bc4e7ea9d1b8a840be03ec48669bb194fea85fa35f
              • Instruction Fuzzy Hash: 34415D33A28B42C7E7149B26A488769B6E0FB4AFC1F558134DE4D87B54DF3CE8158700
              Uniqueness

              Uniqueness Score: -1.00%

              Similarity
              • API ID: User$#123CharCloseDefaultGlobalizationLocaleNameNextOpenSettingsValue
              • String ID: AcceptLanguage$Software\Microsoft\Internet Explorer\International
              • API String ID: 3635003594-784331173
              • Opcode ID: 21795c197fcef2542fd14a67f6fef2d471253d6f6bb6cdadff1d7ba3978edd78
              • Instruction ID: 4e667c9542ba5cd21875c807cc142883497c7950d3305c41705cff1edaee154f
              • Opcode Fuzzy Hash: 21795c197fcef2542fd14a67f6fef2d471253d6f6bb6cdadff1d7ba3978edd78
              • Instruction Fuzzy Hash: 92414233628B42C6EB509F15E4941B9B7A1FB8AF80F454136EA8E83754DF3CD945CB00
              Uniqueness

              Uniqueness Score: -1.00%

              Similarity
              • API ID: Path$ExtensionHandleLoadLocalModuleRemoveString$AllocCreateDirectoryExistsFileFolderFreeSpecial
              • String ID: Internet Explorer
              • API String ID: 715972500-1412615936
              • Opcode ID: aa88c3ac500360a9e8df74dbcd466899ee021f3be11f88d2dd11f0dbe3618c1c
              • Instruction ID: 9468de096a3d93d1afe97dffe21421d9d1f233c5574af549ec8ec00fecec7a6d
              • Opcode Fuzzy Hash: aa88c3ac500360a9e8df74dbcd466899ee021f3be11f88d2dd11f0dbe3618c1c
              • Instruction Fuzzy Hash: 98316633624AC1C6E760DF24E858BFA7760FB8AB49F855532DA0E87A54DF38D609C740
              Uniqueness

              Uniqueness Score: -1.00%

              Similarity
              • API ID: ErrorLastmemcpy_s$CriticalHeapSection$AllocCryptEnterLeaveProcessRandom
              • String ID:
              • API String ID: 2147994481-0
              • Opcode ID: 4035378c043bd339f2aedd8ded78f911d5d68c00ac44f36c34e4ffbb85d88af0
              • Instruction ID: 53b93c538dd33e53c33209cd7f167393f8478a4b742a5bd2c3d53fb71e6c499b
              • Opcode Fuzzy Hash: 4035378c043bd339f2aedd8ded78f911d5d68c00ac44f36c34e4ffbb85d88af0
              • Instruction Fuzzy Hash: C2517326B28782CAE7509F25A4886B9BBA0FB8AFC4F544130DE4E83755DF3CD806C750
              Uniqueness

              Uniqueness Score: -1.00%

              Similarity
              • API ID: ErrorLast$Cert$CertificateContext$CryptPropertyStore$CertificatesCloseEnumFreeImportInfoParamPublic
              • String ID:
              • API String ID: 506061795-0
              • Opcode ID: ec301fba079c3e79e77ec65c55d91e94d749e2b1c439bf8865befa02d1bfd9f5
              • Instruction ID: a6aba9cf1c6fda0fe822fa38ebdbabcd661d15af0c1b0a246b6025cd14426331
              • Opcode Fuzzy Hash: ec301fba079c3e79e77ec65c55d91e94d749e2b1c439bf8865befa02d1bfd9f5
              • Instruction Fuzzy Hash: D6413C23A14B46CBE7109F69A49837ABBA0FB8AF95F544135CB4AC3654DF7CE806C740
              Uniqueness

              Uniqueness Score: -1.00%

              Similarity
              • API ID: FreeString$AllocBstrEventMessagePostTaskTransferWrite
              • String ID: searchscope
              • API String ID: 931234260-110112929
              • Opcode ID: 1a34b0a395925d51a76eef7d56bac9bd8bc80b14c89a0f0eb8e94144aad5cbfa
              • Instruction ID: 4e24daeec44241f53e1d1738019d0a4ed0d2bb1278e9fc2d4d45ed19bd44b57e
              • Opcode Fuzzy Hash: 1a34b0a395925d51a76eef7d56bac9bd8bc80b14c89a0f0eb8e94144aad5cbfa
              • Instruction Fuzzy Hash: 46A15F23A28602C6FB64CBA6D4D86B967A0BF56F88F544435DE0E87A95DF3CE945C300
              Uniqueness

              Uniqueness Score: -1.00%

              Similarity
              • API ID: BinaryCryptString$ErrorLastisalnumstrnlen
              • String ID: thumbprint
              • API String ID: 1551080337-1670052307
              • Opcode ID: 63c1dd2fe8e88f6f9018054e15f627d5ed35639a7994b987a01a1c9410be33c7
              • Instruction ID: 2e7759c51521247cc61ad8d7bda42ab93ef85a79e45ba4f63ad7fce1bc8ed391
              • Opcode Fuzzy Hash: 63c1dd2fe8e88f6f9018054e15f627d5ed35639a7994b987a01a1c9410be33c7
              • Instruction Fuzzy Hash: 93418E27A18B42C7E7109F22A888379BA94FB4BF84F158275DA4D83750DF3DE9468700
              Uniqueness

              Uniqueness Score: -1.00%

              Similarity
              • API ID: CryptHash$ErrorLast$CreateDataDestroyParam
              • String ID:
              • API String ID: 3383248918-3916222277
              • Opcode ID: 910abb4f31203d810479c8316337f4fa5b8bbf951344f6cad23898a8ba4fdc71
              • Instruction ID: d62cb79560624302afa38f016d498d71a949f213e8eef85019d22dab77df341a
              • Opcode Fuzzy Hash: 910abb4f31203d810479c8316337f4fa5b8bbf951344f6cad23898a8ba4fdc71
              • Instruction Fuzzy Hash: 08212C32A28B81C7E7408B66A588769BAA0FB8AFC5F559175DA4D87B54DF38D804C700
              Uniqueness

              Uniqueness Score: -1.00%

              Similarity
              • API ID: FreeLibraryOnce$AddressExecuteInitLoadLocalProc
              • String ID: SLGetWindowsInformation$shell32-license-UseBingAsDefaultSearchProvider$slc.dll
              • API String ID: 3052823752-3737774969
              • Opcode ID: c7aba29e0fda476fc9f68490eab564b2d9cd2b3cba63d77795e6c30f49d19d61
              • Instruction ID: ee22dff780c1da9f1d2df3c6974bc46e4a2588f1fe570000d3262c11d02dafc0
              • Opcode Fuzzy Hash: c7aba29e0fda476fc9f68490eab564b2d9cd2b3cba63d77795e6c30f49d19d61
              • Instruction Fuzzy Hash: 01111936A28A42D6EA00DB24E4881B9BBB0FF57F95B545531DA4D83254DF3DE849CB40
              Uniqueness

              Uniqueness Score: -1.00%

              Similarity
              • API ID: Crypt$Cert$ErrorHashLastStore$CertificateDestroy$CloseContextCreateFindFreeImportInfoOpenParamPublicSignatureVerify
              • String ID:
              • API String ID: 1994448431-0
              • Opcode ID: 890716f793129f8509c954d34c6e6982eae01f1929bf4754abfd0fc505bd8673
              • Instruction ID: f254b70feb0d2a6ae4ca034a4ae73051c5bbd3ad65d361aeb3c836c56ec120f8
              • Opcode Fuzzy Hash: 890716f793129f8509c954d34c6e6982eae01f1929bf4754abfd0fc505bd8673
              • Instruction Fuzzy Hash: E9411F33A28B42C7E7509B76E4887B9A6A0FB8AF85F458131DA4DC7654DF3CE804C710
              Uniqueness

              Uniqueness Score: -1.00%

              Similarity
              • API ID: memcpy_s$Heap$AllocProcess
              • String ID:
              • API String ID: 1309595355-0
              • Opcode ID: 308e2109f80933f03ac11630729c6f3ab86348cf32f4d4a9c56d79f4a7131f44
              • Instruction ID: 8cb72c7fe682e978671397e4530c3ad12a82a7ef2a6d29f63def6825a3c1c438
              • Opcode Fuzzy Hash: 308e2109f80933f03ac11630729c6f3ab86348cf32f4d4a9c56d79f4a7131f44
              • Instruction Fuzzy Hash: 99223C73618BC5C6EB74CB16E4847AAB7A5FB89B90F504126DA8D83B58DF3CE445CB00
              Uniqueness

              Uniqueness Score: -1.00%

              Similarity
              • API ID: Find$ErrorFileLast$CloseFirstFreeLocalNext
              • String ID: .
              • API String ID: 2978595652-248832578
              • Opcode ID: 1ea91f550a2f4aad4062f718024bbed3e61d999c2b9c0c91896d1233eb3f0dce
              • Instruction ID: e02cd5caedbfc2dbdeb047a7b773f29b79ee10733a26e129edf85361e6366c43
              • Opcode Fuzzy Hash: 1ea91f550a2f4aad4062f718024bbed3e61d999c2b9c0c91896d1233eb3f0dce
              • Instruction Fuzzy Hash: FA41A927A28682C6E7219B69A8C83BA6790FB46BE4F404231DE5DC76D4DF7CDD45C700
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • CryptGenRandom.ADVAPI32 ref: 00007FF674B41767
              • memcpy_s.MSVCRT ref: 00007FF674B417DC
              • CryptEncrypt.ADVAPI32 ref: 00007FF674B41816
              • GetLastError.KERNEL32 ref: 00007FF674B41826
              • GetLastError.KERNEL32 ref: 00007FF674B4183B
              • GetLastError.KERNEL32 ref: 00007FF674B41855
                • Part of subcall function 00007FF674B41A34: memcpy_s.MSVCRT ref: 00007FF674B41A77
                • Part of subcall function 00007FF674B41A34: CryptCreateHash.ADVAPI32(?,?,?,?,?,00007FF674B4178F), ref: 00007FF674B41A9C
                • Part of subcall function 00007FF674B41A34: CryptHashData.ADVAPI32(?,?,?,?,?,00007FF674B4178F), ref: 00007FF674B41ABF
                • Part of subcall function 00007FF674B41A34: CryptDeriveKey.ADVAPI32(?,?,?,?,?,00007FF674B4178F), ref: 00007FF674B41AE8
                • Part of subcall function 00007FF674B41A34: GetLastError.KERNEL32(?,?,?,?,?,00007FF674B4178F), ref: 00007FF674B41AF8
                • Part of subcall function 00007FF674B41A34: GetLastError.KERNEL32(?,?,?,?,?,00007FF674B4178F), ref: 00007FF674B41B12
                • Part of subcall function 00007FF674B41A34: CryptDestroyHash.ADVAPI32(?,?,?,?,?,00007FF674B4178F), ref: 00007FF674B41B46
                • Part of subcall function 00007FF674B41A34: GetLastError.KERNEL32(?,?,?,?,?,00007FF674B4178F), ref: 00007FF674B41B27
                • Part of subcall function 00007FF674B41A34: GetLastError.KERNEL32(?,?,?,?,?,00007FF674B4178F), ref: 00007FF674B41B54
                • Part of subcall function 00007FF674B41A34: GetLastError.KERNEL32(?,?,?,?,?,00007FF674B4178F), ref: 00007FF674B41B6E
                • Part of subcall function 00007FF674B21918: GetProcessHeap.KERNEL32 ref: 00007FF674B21921
                • Part of subcall function 00007FF674B21918: HeapAlloc.KERNEL32 ref: 00007FF674B21938
              • GetLastError.KERNEL32 ref: 00007FF674B4186A
              Similarity
              • API ID: ErrorLast$Crypt$Hash$Heapmemcpy_s$AllocCreateDataDeriveDestroyEncryptProcessRandom
              • String ID:
              • API String ID: 4253960083-0
              • Opcode ID: bf52dbc145db6dbe62ae2a3575e2deafe5a1517ee12479ea82a7979a1ee0e114
              • Instruction ID: 4bec69a1eba81d8dc5b48b82058e1a8f4294fcddbdc4ead549653ac003745cfe
              • Opcode Fuzzy Hash: bf52dbc145db6dbe62ae2a3575e2deafe5a1517ee12479ea82a7979a1ee0e114
              • Instruction Fuzzy Hash: 8A415233A18B46C7EB109B69E4982AAB7A0FB8AF90F544135DB4E83754DF3DE845C700
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
                • Part of subcall function 00007FF674B49938: GetCurrentThread.KERNEL32 ref: 00007FF674B49949
                • Part of subcall function 00007FF674B49938: OpenThreadToken.ADVAPI32(?,?,?,00007FF674B49A15,?,?,?,?,?,?,?,?,00000000,00007FF674B496F5), ref: 00007FF674B49962
                • Part of subcall function 00007FF674B49938: GetLastError.KERNEL32(?,?,?,00007FF674B49A15,?,?,?,?,?,?,?,?,00000000,00007FF674B496F5), ref: 00007FF674B49972
                • Part of subcall function 00007FF674B49938: GetCurrentProcess.KERNEL32(?,?,?,00007FF674B49A15,?,?,?,?,?,?,?,?,00000000,00007FF674B496F5), ref: 00007FF674B4999E
                • Part of subcall function 00007FF674B49938: OpenProcessToken.ADVAPI32(?,?,?,00007FF674B49A15,?,?,?,?,?,?,?,?,00000000,00007FF674B496F5), ref: 00007FF674B499B5
              • GetProcessHeap.KERNEL32(?,?,?,?,?,?,?,?,00000000,00007FF674B496F5), ref: 00007FF674B49A24
              • GetTokenInformation.ADVAPI32(?,?,?,?,?,?,?,?,00000000,00007FF674B496F5), ref: 00007FF674B49A4A
              • ConvertSidToStringSidW.ADVAPI32 ref: 00007FF674B49AB5
              • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,00000000,00007FF674B496F5), ref: 00007FF674B49AC9
              • GetProcessHeap.KERNEL32(?,?,?,?,?,?,?,?,00000000,00007FF674B496F5), ref: 00007FF674B49AE3
              • HeapFree.KERNEL32(?,?,?,?,?,?,?,?,00000000,00007FF674B496F5), ref: 00007FF674B49AF7
              • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,00000000,00007FF674B496F5), ref: 00007FF674B49B08
                • Part of subcall function 00007FF674B49B28: GetLastError.KERNEL32(?,?,?,?,00000000,00007FF674B49A6F,?,?,?,?,?,?,?,?,00000000,00007FF674B496F5), ref: 00007FF674B49B4C
                • Part of subcall function 00007FF674B49B28: HeapAlloc.KERNEL32(?,?,?,?,00000000,00007FF674B49A6F,?,?,?,?,?,?,?,?,00000000,00007FF674B496F5), ref: 00007FF674B49B6C
                • Part of subcall function 00007FF674B49B28: GetTokenInformation.ADVAPI32(?,?,?,?,00000000,00007FF674B49A6F,?,?,?,?,?,?,?,?,00000000,00007FF674B496F5), ref: 00007FF674B49B97
              Similarity
              • API ID: HeapProcessToken$ErrorLast$CurrentInformationOpenThread$AllocCloseConvertFreeHandleString
              • String ID:
              • API String ID: 1022525647-0
              • Opcode ID: 543189498478a5dcd76b9a40d2e9153d3c3716ef1c32a4e1b3c30bf1b2211a10
              • Instruction ID: 70c471e84b5da2376ee20747f68d3fa4362e1bc05d99860269c33bfbb7d21d2f
              • Opcode Fuzzy Hash: 543189498478a5dcd76b9a40d2e9153d3c3716ef1c32a4e1b3c30bf1b2211a10
              • Instruction Fuzzy Hash: 89311E32A18B42D7E7009B79A5986B966A0FB8BFD1F448531DA4E87654DF3CE8458700
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • SetCurrentDirectoryW.KERNEL32 ref: 00007FF674B24E72
              • FindFirstFileW.KERNEL32 ref: 00007FF674B24E8E
                • Part of subcall function 00007FF674B24494: SetFileAttributesW.KERNEL32(?,00007FF674B25154), ref: 00007FF674B244E1
                • Part of subcall function 00007FF674B24494: DeleteFileW.KERNEL32(?,00007FF674B25154), ref: 00007FF674B244F2
                • Part of subcall function 00007FF674B24494: SHChangeNotify.SHELL32 ref: 00007FF674B2450D
              • FindNextFileW.KERNEL32 ref: 00007FF674B24EB8
              • FindClose.KERNEL32 ref: 00007FF674B24ECB
              • SetCurrentDirectoryW.KERNEL32 ref: 00007FF674B24EDA
              Similarity
              • API ID: File$Find$CurrentDirectory$AttributesChangeCloseDeleteFirstNextNotify
              • String ID: *.{871C5380-42A0-1069-A2EA-08002B30309D}
              • API String ID: 2401681968-4084126563
              • Opcode ID: 4fc075e66d76155e84885767b839dcb44ac4f67ac72fd912f787004181335062
              • Instruction ID: f4b72325d6d040abb64f709cf3b1f7d7c5831d3e415ab2049baed1f238ec30a2
              • Opcode Fuzzy Hash: 4fc075e66d76155e84885767b839dcb44ac4f67ac72fd912f787004181335062
              • Instruction Fuzzy Hash: 2111EF36618B41C6EA549B15E488279B7A0FB8AFE0F859231DE5D83B94DF3CD949C700
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • CryptStringToBinaryW.CRYPT32 ref: 00007FF674B39DD7
              • GetLastError.KERNEL32(?,?,?,?,?,00000000,?,00007FF674B3A171), ref: 00007FF674B39E94
                • Part of subcall function 00007FF674B21918: GetProcessHeap.KERNEL32 ref: 00007FF674B21921
                • Part of subcall function 00007FF674B21918: HeapAlloc.KERNEL32 ref: 00007FF674B21938
              • CryptStringToBinaryW.CRYPT32 ref: 00007FF674B39E1F
              • GetLastError.KERNEL32(?,?,?,?,?,00000000,?,00007FF674B3A171), ref: 00007FF674B39E3A
              • GetLastError.KERNEL32(?,?,?,?,?,00000000,?,00007FF674B3A171), ref: 00007FF674B39E54
              Similarity
              • API ID: ErrorLast$BinaryCryptHeapString$AllocProcess
              • String ID:
              • API String ID: 2934262020-0
              • Opcode ID: bc8209b1d5e3aaa763b00372c98e3be3816294a6967263068237765458285d1a
              • Instruction ID: 44e29c45c386f73be9c111d919bf3206ce122b48935a625574f3cd64fc5f1077
              • Opcode Fuzzy Hash: bc8209b1d5e3aaa763b00372c98e3be3816294a6967263068237765458285d1a
              • Instruction Fuzzy Hash: 30313433A18B51CBE3109F7AA894269B6D4FB8AF80F598534DA4DC3754DF3CE8458710
              Uniqueness

              Uniqueness Score: -1.00%

              Similarity
              • API ID: CryptErrorLastRandom
              • String ID: dsp$https://ieonline.microsoft.com/EUPP/v1/service?action=needfirstrun&appid=Microsoft_IE_EUPP
              • API String ID: 1176002950-197285457
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              Strings
              Similarity
              • API ID: ErrorLast$AcquireContextCryptEventTransferWrite
              • String ID: Microsoft Enhanced RSA and AES Cryptographic Provider
              • API String ID: 3111804345-63410773
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              Strings
              Similarity
              • API ID: CertificateCryptErrorHashLastmemcmp
              • String ID:
              • API String ID: 2621720666-3916222277
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              Similarity
              • API ID: BinaryCryptString$ErrorLast
              • String ID:
              • API String ID: 1952235381-0
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • CryptDestroyKey.ADVAPI32 ref: 00007FF674B41C00
              • CryptDestroyKey.ADVAPI32 ref: 00007FF674B41C1A
              • CryptDestroyKey.ADVAPI32 ref: 00007FF674B41C34
              • CryptReleaseContext.ADVAPI32 ref: 00007FF674B41C50
                • Part of subcall function 00007FF674B2195C: GetProcessHeap.KERNEL32 ref: 00007FF674B21969
                • Part of subcall function 00007FF674B2195C: HeapFree.KERNEL32 ref: 00007FF674B2197D
              Similarity
              • API ID: Crypt$Destroy$Heap$ContextFreeProcessRelease
              • String ID:
              • API String ID: 4130806261-0
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
                • Part of subcall function 00007FF674B47EBC: LoadLibraryExW.KERNEL32 ref: 00007FF674B47F35
                • Part of subcall function 00007FF674B47EBC: GetProcAddress.KERNEL32 ref: 00007FF674B47F53
                • Part of subcall function 00007FF674B47EBC: NtQueryLicenseValue.NTDLL ref: 00007FF674B47F85
                • Part of subcall function 00007FF674B47EBC: FreeLibrary.KERNEL32 ref: 00007FF674B47FFB
              • NtQueryLicenseValue.NTDLL ref: 00007FF674B482BF
                • Part of subcall function 00007FF674B4790C: LoadLibraryExW.KERNEL32 ref: 00007FF674B47942
                • Part of subcall function 00007FF674B4790C: GetProcAddress.KERNEL32 ref: 00007FF674B47960
                • Part of subcall function 00007FF674B4790C: GetProcAddress.KERNEL32 ref: 00007FF674B47979
                • Part of subcall function 00007FF674B4790C: FreeLibrary.KERNEL32 ref: 00007FF674B47BBE
              Strings
              Similarity
              • API ID: Library$AddressProc$FreeLicenseLoadQueryValue
              • String ID: AllowTelemetry$ConfigureTelemetryOptInSettingsUx
              • API String ID: 1791012833-1228298405
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              Similarity
              • API ID: CurrentDebugDebuggerOutputPresentStringThread
              • String ID:
              • API String ID: 4268342597-0
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              Similarity
              • API ID: Versionmemset
              • String ID:
              • API String ID: 3136939366-0
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
                • Part of subcall function 00007FF674B21918: GetProcessHeap.KERNEL32 ref: 00007FF674B21921
                • Part of subcall function 00007FF674B21918: HeapAlloc.KERNEL32 ref: 00007FF674B21938
              • CryptAcquireContextW.ADVAPI32 ref: 00007FF674B345B3
              • CryptReleaseContext.ADVAPI32 ref: 00007FF674B3461C
                • Part of subcall function 00007FF674B2195C: GetProcessHeap.KERNEL32 ref: 00007FF674B21969
                • Part of subcall function 00007FF674B2195C: HeapFree.KERNEL32 ref: 00007FF674B2197D
              Similarity
              • API ID: Heap$ContextCryptProcess$AcquireAllocFreeRelease
              • String ID:
              • API String ID: 1797299605-0
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              Similarity
              • API ID: Exception$FilterRaiseUnhandled
              • String ID:
              • API String ID: 1484249558-0
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • GetSystemTimeAsFileTime.KERNEL32(?,?,?,?,?,?,?,?,80004005,00007FF674B33F22), ref: 00007FF674B40A54
              Similarity
              • API ID: Time$FileSystem
              • String ID:
              • API String ID: 2086374402-0
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • CryptReleaseContext.ADVAPI32(?,?,?,00007FF674B344D4), ref: 00007FF674B3453B
                • Part of subcall function 00007FF674B2195C: GetProcessHeap.KERNEL32 ref: 00007FF674B21969
                • Part of subcall function 00007FF674B2195C: HeapFree.KERNEL32 ref: 00007FF674B2197D
              Similarity
              • API ID: Heap$ContextCryptFreeProcessRelease
              • String ID:
              • API String ID: 2055178999-0
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              Similarity
              • API ID: ExceptionFilterUnhandled
              • String ID:
              • API String ID: 3192549508-0
              Uniqueness

              Uniqueness Score: -1.00%

              Similarity
              • API ID: ExclusiveLock$AcquireRelease
              • String ID:
              • API String ID: 17069307-0
              Uniqueness

              Uniqueness Score: -1.00%

              Similarity
              • API ID: ExclusiveLock$AcquireRelease
              • String ID:
              • API String ID: 17069307-0
              Uniqueness

              Uniqueness Score: -1.00%

              Memory Dump Source
              • Source File: 00000000.00000002.2099260182.00007FF674B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF674B20000, based on PE: true
              • Associated: 00000000.00000002.2099242774.00007FF674B20000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099286845.00007FF674B4E000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099313401.00007FF674B5E000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099334936.00007FF674B60000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099334936.00007FF674B63000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ff674b20000_ie4uinit.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: a8601153844eb919040d69870f82575c3ddd0f300710fa1108b9e361430ee609
              • Instruction ID: e263f9fa82e59a56ed291003f456bc61d92621d3e7d8156e6ffc7ff4f50849d3
              • Opcode Fuzzy Hash: a8601153844eb919040d69870f82575c3ddd0f300710fa1108b9e361430ee609
              • Instruction Fuzzy Hash: EA316C7BB3416047C71C4E3CA65751DA98ED3D5380780B93AEA46CBFD9DD3AE9128B40
              Uniqueness

              Uniqueness Score: -1.00%

              Control-flow Graph

              APIs
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2099260182.00007FF674B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF674B20000, based on PE: true
              • Associated: 00000000.00000002.2099242774.00007FF674B20000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099286845.00007FF674B4E000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099313401.00007FF674B5E000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099334936.00007FF674B60000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099334936.00007FF674B63000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ff674b20000_ie4uinit.jbxd
              Similarity
              • API ID: AddressLibraryProc$FreeLoad
              • String ID: AllowCommercialDataPipeline$AllowTelemetry$ConfigureTelemetryOptInChangeNotification$ConfigureTelemetryOptInSettingsUx$DisableDeviceDelete$DisableDiagnosticDataViewer$DisableOneSettingsDownloads$DisableTelemetryOptInChangeNotification$DisableTelemetryOptInSettingsUx$EnableOneSettingsAuditing$LimitEnhancedDiagnosticDataWindowsAnalytics$PolicyManager_FreeGetPolicyData$PolicyManager_GetPolicy$Software\Policies\Microsoft\Windows\DataCollection$System$onecore\base\telemetry\permission\lib\telemetrypermission.cpp$policymanager.dll
              • API String ID: 2256533930-4007305814
              • Opcode ID: d7e29df087f457c5de8cb134c514b690fdb605c60d433f5d44d951e1b6349e47
              • Instruction ID: 54772edb2d86083aa66bf051b81fe024dd105d3c8ad8838da880634cea923259
              • Opcode Fuzzy Hash: d7e29df087f457c5de8cb134c514b690fdb605c60d433f5d44d951e1b6349e47
              • Instruction Fuzzy Hash: A0811E62B28742C6EB108F15E8983B9A7A5BF46FD5F488135CE0E86690EF3DE945C700
              Uniqueness

              Uniqueness Score: -1.00%

              Control-flow Graph

              APIs
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2099260182.00007FF674B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF674B20000, based on PE: true
              • Associated: 00000000.00000002.2099242774.00007FF674B20000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099286845.00007FF674B4E000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099313401.00007FF674B5E000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099334936.00007FF674B60000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099334936.00007FF674B63000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ff674b20000_ie4uinit.jbxd
              Similarity
              • API ID: Handle$Close$ErrorLastProcess$CreateCurrentMessage$DuplicateFileFormatLocalObjectPostSingleThreadTimeWaitmemset
              • String ID: Command line returned: %1!lx!$Command line returned: 0x%1!08lx!$Launching command line to remove package: %1$Output will be redirected to: %1$Unable to get exit code. Error: 0x%1!08lx!
              • API String ID: 1923633004-2439298233
              • Opcode ID: e61bc17935f51f890f659f4c3badc670e13e6b26dbd3ac3fc10281759deeaf24
              • Instruction ID: ae663d055b45a42eec363ab870ffe4dcb2dd790db07792387bcf2b9920db1ee4
              • Opcode Fuzzy Hash: e61bc17935f51f890f659f4c3badc670e13e6b26dbd3ac3fc10281759deeaf24
              • Instruction Fuzzy Hash: 95814E33A14A41CAE7109F60E4882BDBBB1FB4AB98F449535DE4E97B54CF38D949CB40
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2099260182.00007FF674B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF674B20000, based on PE: true
              • Associated: 00000000.00000002.2099242774.00007FF674B20000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099286845.00007FF674B4E000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099313401.00007FF674B5E000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099334936.00007FF674B60000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099334936.00007FF674B63000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ff674b20000_ie4uinit.jbxd
              Similarity
              • API ID: Variant$ClearInitString$Alloc$FreeHeapValue$CreateDeleteInstanceProcess
              • String ID: CleanupTask$Software\Microsoft\Internet Explorer\Setup$\Microsoft\Internet Explorer$`
              • API String ID: 3735153245-2320231753
              • Opcode ID: cf56510f970fa3706afead685d104fdbaa79b40ce2b366772bfb952bebc5dbc9
              • Instruction ID: a7fb683b4339ad368159f2da55e67fa70e0db66a9087e8e6c7c9866299a779fb
              • Opcode Fuzzy Hash: cf56510f970fa3706afead685d104fdbaa79b40ce2b366772bfb952bebc5dbc9
              • Instruction Fuzzy Hash: 40C14D23A18B86C6EB01CF68D4993B9A7A0FF8AB44F445235DA4D83765DF3DE949C700
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
                • Part of subcall function 00007FF674B32FD0: #57.IERTUTIL ref: 00007FF674B33020
                • Part of subcall function 00007FF674B32FD0: ConvertSidToStringSidW.ADVAPI32 ref: 00007FF674B3304C
                • Part of subcall function 00007FF674B32FD0: SysAllocString.OLEAUT32 ref: 00007FF674B33078
                • Part of subcall function 00007FF674B32FD0: RegOpenKeyExW.ADVAPI32 ref: 00007FF674B330BB
                • Part of subcall function 00007FF674B32FD0: RegGetValueW.ADVAPI32 ref: 00007FF674B330FF
                • Part of subcall function 00007FF674B32FD0: RegCloseKey.ADVAPI32 ref: 00007FF674B3312D
                • Part of subcall function 00007FF674B32FD0: SysStringLen.OLEAUT32 ref: 00007FF674B33169
              • SysFreeString.OLEAUT32 ref: 00007FF674B387DC
                • Part of subcall function 00007FF674B39AC0: CryptCreateHash.ADVAPI32 ref: 00007FF674B39B0F
                • Part of subcall function 00007FF674B39AC0: CryptHashData.ADVAPI32 ref: 00007FF674B39B2D
                • Part of subcall function 00007FF674B39AC0: CryptGetHashParam.ADVAPI32 ref: 00007FF674B39B5C
                • Part of subcall function 00007FF674B39AC0: CryptDestroyHash.ADVAPI32 ref: 00007FF674B39B8F
              • SysAllocString.OLEAUT32 ref: 00007FF674B388F5
              • SysFreeString.OLEAUT32 ref: 00007FF674B38942
              • SysStringByteLen.OLEAUT32 ref: 00007FF674B38975
              • SysAllocStringByteLen.OLEAUT32 ref: 00007FF674B38986
                • Part of subcall function 00007FF674B49D84: SysFreeString.OLEAUT32 ref: 00007FF674B49E61
                • Part of subcall function 00007FF674B2195C: GetProcessHeap.KERNEL32 ref: 00007FF674B21969
                • Part of subcall function 00007FF674B2195C: HeapFree.KERNEL32 ref: 00007FF674B2197D
              • SysFreeString.OLEAUT32 ref: 00007FF674B389AC
              • SysFreeString.OLEAUT32 ref: 00007FF674B389C2
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2099260182.00007FF674B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF674B20000, based on PE: true
              • Associated: 00000000.00000002.2099242774.00007FF674B20000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099286845.00007FF674B4E000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099313401.00007FF674B5E000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099334936.00007FF674B60000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099334936.00007FF674B63000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ff674b20000_ie4uinit.jbxd
              Similarity
              • API ID: String$Free$CryptHash$Alloc$ByteHeap$CloseConvertCreateDataDestroyOpenParamProcessValue
              • String ID: <?xml version="1.0" encoding="utf-8"?>$<request/>$euppid$hashvalue$https://ieonline.microsoft.com/EUPP/v1/service?action=signvalue&appid=Microsoft_IE_EUPP$product$rid$source$thumbprint$trademark$type
              • API String ID: 3186373301-1803989589
              • Opcode ID: e8029c8896fdcb2ec9a47429c66e0de3bfe13a4086b319dfd8f3c86771fac7a4
              • Instruction ID: 9e5d785ae31308c54c585c3dd5c6bc6d461bd23a01fad963d7eb478e044ffad7
              • Opcode Fuzzy Hash: e8029c8896fdcb2ec9a47429c66e0de3bfe13a4086b319dfd8f3c86771fac7a4
              • Instruction Fuzzy Hash: F5B12923A24A56C6FB009B76C8883AC67A2EF86F98F554131DE0DDB655DF38EC46C341
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • UnmapViewOfFile.KERNEL32(?,?,?,?,?,?,00000000,00007FF674B3DF82), ref: 00007FF674B3D8D8
              • GetLastError.KERNEL32(?,?,?,?,?,?,00000000,00007FF674B3DF82), ref: 00007FF674B3D8F2
              • GetLastError.KERNEL32(?,?,?,?,?,?,00000000,00007FF674B3DF82), ref: 00007FF674B3D908
              • CloseHandle.KERNEL32(?,?,?,?,?,?,00000000,00007FF674B3DF82), ref: 00007FF674B3D956
              • GetLastError.KERNEL32(?,?,?,?,?,?,00000000,00007FF674B3DF82), ref: 00007FF674B3D970
              • GetLastError.KERNEL32(?,?,?,?,?,?,00000000,00007FF674B3DF82), ref: 00007FF674B3D986
              • GetLastError.KERNEL32(?,?,?,?,?,?,00000000,00007FF674B3DF82), ref: 00007FF674B3D99C
              • CloseHandle.KERNEL32(?,?,?,?,?,?,00000000,00007FF674B3DF82), ref: 00007FF674B3D9D5
              • GetLastError.KERNEL32(?,?,?,?,?,?,00000000,00007FF674B3DF82), ref: 00007FF674B3D9EF
              • GetLastError.KERNEL32(?,?,?,?,?,?,00000000,00007FF674B3DF82), ref: 00007FF674B3DA05
              • GetLastError.KERNEL32(?,?,?,?,?,?,00000000,00007FF674B3DF82), ref: 00007FF674B3DA1B
              • CloseHandle.KERNEL32(?,?,?,?,?,?,00000000,00007FF674B3DF82), ref: 00007FF674B3DA53
              • GetLastError.KERNEL32(?,?,?,?,?,?,00000000,00007FF674B3DF82), ref: 00007FF674B3DA6D
              • GetLastError.KERNEL32(?,?,?,?,?,?,00000000,00007FF674B3DF82), ref: 00007FF674B3DA83
              • GetLastError.KERNEL32(?,?,?,?,?,?,00000000,00007FF674B3DF82), ref: 00007FF674B3DA99
              • CloseHandle.KERNEL32(?,?,?,?,?,?,00000000,00007FF674B3DF82), ref: 00007FF674B3DACD
              • GetLastError.KERNEL32(?,?,?,?,?,?,00000000,00007FF674B3DF82), ref: 00007FF674B3DAE7
              • GetLastError.KERNEL32(?,?,?,?,?,?,00000000,00007FF674B3DF82), ref: 00007FF674B3DAFD
              • GetLastError.KERNEL32(?,?,?,?,?,?,00000000,00007FF674B3DF82), ref: 00007FF674B3DB11
              Memory Dump Source
              • Source File: 00000000.00000002.2099260182.00007FF674B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF674B20000, based on PE: true
              • Associated: 00000000.00000002.2099242774.00007FF674B20000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099286845.00007FF674B4E000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099313401.00007FF674B5E000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099334936.00007FF674B60000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099334936.00007FF674B63000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ff674b20000_ie4uinit.jbxd
              Similarity
              • API ID: ErrorLast$CloseHandle$FileUnmapView
              • String ID:
              • API String ID: 3410133523-0
              • Opcode ID: 74045a0d449d6bef91c49103180d8784fdffa1ba190b2088dc9f717b97990db0
              • Instruction ID: d3d4148adfb0238eb2546563a1eaa4de28f57dc5a145ad596a544c4ab145183a
              • Opcode Fuzzy Hash: 74045a0d449d6bef91c49103180d8784fdffa1ba190b2088dc9f717b97990db0
              • Instruction Fuzzy Hash: 39810A62B28B46CBE7505F7694D83796A98FF4AF45F849234CB2AC3290DF3CE8455210
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2099260182.00007FF674B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF674B20000, based on PE: true
              • Associated: 00000000.00000002.2099242774.00007FF674B20000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099286845.00007FF674B4E000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099313401.00007FF674B5E000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099334936.00007FF674B60000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099334936.00007FF674B63000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ff674b20000_ie4uinit.jbxd
              Similarity
              • API ID: ErrorLast$Open$CertCloseStore$#690CreateFileModuleName_wcsicmpwcsncmp
              • String ID: HKCU\$HistoryJournalCertificate$MSIEHistoryJournal
              • API String ID: 2454733814-1739054375
              • Opcode ID: 877664214de6385cc0f7077c3cf025e2f3f09668462cc534a9615fe57af687fb
              • Instruction ID: ea87a3a1aaaf11d6a190cd3c2db8aba2864a46f0d7a04665b2147d09b9e713b9
              • Opcode Fuzzy Hash: 877664214de6385cc0f7077c3cf025e2f3f09668462cc534a9615fe57af687fb
              • Instruction Fuzzy Hash: C2512B33628B42C6E7509B69E498769B7A4FF8ABD1F449234DA4D83754DF7CE809C700
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • GetFileVersionInfoSizeExW.VERSION(?,?,?,?,?,?,?,?,00007FF674B26295), ref: 00007FF674B48E73
              • LocalAlloc.KERNELBASE ref: 00007FF674B48E93
              • GetFileVersionInfoExW.VERSION(?,?,?,?,?,?,?,?,00007FF674B26295), ref: 00007FF674B48EBF
              • VerQueryValueW.VERSION(?,?,?,?,?,?,?,?,00007FF674B26295), ref: 00007FF674B48EEA
              • StrTrimW.SHLWAPI(?,?,?,?,?,?,?,?,00007FF674B26295), ref: 00007FF674B49013
                • Part of subcall function 00007FF674B21574: _vsnwprintf.MSVCRT ref: 00007FF674B215B4
              • VerQueryValueW.VERSION(?,?,?,?,?,?,?,?,00007FF674B26295), ref: 00007FF674B48F42
              • VerQueryValueW.VERSION(?,?,?,?,?,?,?,?,00007FF674B26295), ref: 00007FF674B48F7C
              • VerQueryValueW.VERSION(?,?,?,?,?,?,?,?,00007FF674B26295), ref: 00007FF674B48FB2
              • VerQueryValueW.VERSION(?,?,?,?,?,?,?,?,00007FF674B26295), ref: 00007FF674B48FE8
              • LocalFree.KERNEL32(?,?,?,?,?,?,?,?,00007FF674B26295), ref: 00007FF674B4903B
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2099260182.00007FF674B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF674B20000, based on PE: true
              • Associated: 00000000.00000002.2099242774.00007FF674B20000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099286845.00007FF674B4E000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099313401.00007FF674B5E000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099334936.00007FF674B60000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099334936.00007FF674B63000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ff674b20000_ie4uinit.jbxd
              Similarity
              • API ID: QueryValue$FileInfoLocalVersion$AllocFreeSizeTrim_vsnwprintf
              • String ID: FileVersion$\StringFileInfo\%04X%04X\%s$\StringFileInfo\04090000\%s$\StringFileInfo\040904B0\%s$\StringFileInfo\040904E4\%s$\VarFileInfo\Translation
              • API String ID: 386413036-2944779872
              • Opcode ID: b3ae8742d7e359fa9e7e6561ef99e026b185d2259bc52ef6266ec8c7645275df
              • Instruction ID: 28d5086c5a909a258da3a5401cfa46f9f642ac8bb8f3d8e93b5a1554decda836
              • Opcode Fuzzy Hash: b3ae8742d7e359fa9e7e6561ef99e026b185d2259bc52ef6266ec8c7645275df
              • Instruction Fuzzy Hash: 8A512C33B18A42D6EB108B75E8585E97761FB8AF84B814132DE0DA7754DF38E949C740
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • FormatMessageW.KERNEL32 ref: 00007FF674B28545
              • GetCurrentThreadId.KERNEL32 ref: 00007FF674B285C4
                • Part of subcall function 00007FF674B283D8: _vsnwprintf.MSVCRT ref: 00007FF674B28410
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2099260182.00007FF674B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF674B20000, based on PE: true
              • Associated: 00000000.00000002.2099242774.00007FF674B20000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099286845.00007FF674B4E000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099313401.00007FF674B5E000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099334936.00007FF674B60000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099334936.00007FF674B63000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ff674b20000_ie4uinit.jbxd
              Similarity
              • API ID: CurrentFormatMessageThread_vsnwprintf
              • String ID: $%hs!%p: $%hs(%d) tid(%x) %08X %ws$%hs(%u)\%hs!%p: $(caller: %p) $CallContext:[%hs] $Exception$FailFast$LogHr$Msg:[%ws] $ReturnHr$[%hs(%hs)]$[%hs]
              • API String ID: 223436642-3173542853
              • Opcode ID: 109af04919337dab591c5b886a71723b77b00c5ac2e51ef06a02aa46d7378c5c
              • Instruction ID: f98bfa371254f899dfc793dfd4d59d3521615498eeb654cbf7b89086dfe7eafc
              • Opcode Fuzzy Hash: 109af04919337dab591c5b886a71723b77b00c5ac2e51ef06a02aa46d7378c5c
              • Instruction Fuzzy Hash: 7F616E23A28742C2EA51DB51E4985BAA3A1FF46F84F441636EA4DD3794DF3CED44C700
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2099260182.00007FF674B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF674B20000, based on PE: true
              • Associated: 00000000.00000002.2099242774.00007FF674B20000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099286845.00007FF674B4E000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099313401.00007FF674B5E000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099334936.00007FF674B60000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099334936.00007FF674B63000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ff674b20000_ie4uinit.jbxd
              Similarity
              • API ID: CompareOrdinalString$EnvironmentExpandStringsfclosefgetwsmemsetswscanf_s
              • String ID: "%%windir%%\System32\dism.exe" /online /remove-package /packagename:%s$%%%us | %%%us$'$($Microsoft-Windows-InternetExplorer-Package-TopLevel$Superseded$VER_IEMAJORVERSION.2
              • API String ID: 3943657873-1226670232
              • Opcode ID: 3f0b104de08c516934f2c3ceac26d29a9de8d2e8c20ff9f6c0e8912f9b7e30b0
              • Instruction ID: a852155082db155d9e0429b82fa171c5588ebd75c6a31c7eeca1325314a706cd
              • Opcode Fuzzy Hash: 3f0b104de08c516934f2c3ceac26d29a9de8d2e8c20ff9f6c0e8912f9b7e30b0
              • Instruction Fuzzy Hash: 71513F33A24A86DAE760DF24D8882E9B7A1FB5AF48F805131DA4D87654DF3CDA49C740
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              Memory Dump Source
              • Source File: 00000000.00000002.2099260182.00007FF674B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF674B20000, based on PE: true
              • Associated: 00000000.00000002.2099242774.00007FF674B20000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099286845.00007FF674B4E000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099313401.00007FF674B5E000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099334936.00007FF674B60000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099334936.00007FF674B63000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ff674b20000_ie4uinit.jbxd
              Similarity
              • API ID: ErrorLast$File$BuffersCreateFlushMappingPointerSizeViewmemset
              • String ID:
              • API String ID: 804094210-0
              • Opcode ID: 3a1a484193333aed796fab24437ed2a1a7eed25374e7ff067f007c46046bdcd9
              • Instruction ID: 6fbdb9ec1b51ccf1ea3b3a5e4046de753afc044964eb5afae1b11be287cfbb89
              • Opcode Fuzzy Hash: 3a1a484193333aed796fab24437ed2a1a7eed25374e7ff067f007c46046bdcd9
              • Instruction Fuzzy Hash: 55C15F73A18B92C7E7508F66E4987697AE4FB8AF88F548536DA4D83750DF3CE8058700
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2099260182.00007FF674B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF674B20000, based on PE: true
              • Associated: 00000000.00000002.2099242774.00007FF674B20000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099286845.00007FF674B4E000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099313401.00007FF674B5E000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099334936.00007FF674B60000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099334936.00007FF674B63000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ff674b20000_ie4uinit.jbxd
              Similarity
              • API ID: String$Free$Local$AllocCloseConvertOpenValuememcpy_s
              • String ID: MachineGuid$N/A$SOFTWARE\Microsoft\Cryptography
              • API String ID: 914379026-238228221
              • Opcode ID: 4d81af1253eda9a4fba4b1541149e29a514f510839cc8880669393de02f4828d
              • Instruction ID: 737c1b957ae819d4b8b50f29ad8c319a44fe9ee6012a670b94385d0db7733dce
              • Opcode Fuzzy Hash: 4d81af1253eda9a4fba4b1541149e29a514f510839cc8880669393de02f4828d
              • Instruction Fuzzy Hash: 6B512C33618B42C6E6108F26E88827ABBA4FB8AB90F555135DE8D83754DF3DD959C700
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2099260182.00007FF674B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF674B20000, based on PE: true
              • Associated: 00000000.00000002.2099242774.00007FF674B20000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099286845.00007FF674B4E000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099313401.00007FF674B5E000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099334936.00007FF674B60000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099334936.00007FF674B63000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ff674b20000_ie4uinit.jbxd
              Similarity
              • API ID: MessageValue$CloseFormatLocalOpenPostQueryThreadTimememset
              • String ID: An invalid value is set in the reg value.$Original First Home Page Result:%1!lx!$Original First Home Page Text:[%1!ls!].$Setting Home Page.$Setting Home Page. Failed to open registry Key$Software\microsoft\Internet Explorer\Main$Writing Single Home Page to XP Result:%2!lx!$`
              • API String ID: 3787667049-2357394903
              • Opcode ID: 697ee2f033f14768bbca42a7767b423c6ccb72d77bfcef2f312441f28d038ba0
              • Instruction ID: 6774b9b5fd6d9125dba7d03ef29441707c9fd763e3f015de415b2b3c5f33d26a
              • Opcode Fuzzy Hash: 697ee2f033f14768bbca42a7767b423c6ccb72d77bfcef2f312441f28d038ba0
              • Instruction Fuzzy Hash: F8512326A28B81C5F7118B18E4895F9F360FF9AB84F445135DE4D83665EF3CE985C700
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              Memory Dump Source
              • Source File: 00000000.00000002.2099260182.00007FF674B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF674B20000, based on PE: true
              • Associated: 00000000.00000002.2099242774.00007FF674B20000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099286845.00007FF674B4E000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099313401.00007FF674B5E000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099334936.00007FF674B60000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099334936.00007FF674B63000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ff674b20000_ie4uinit.jbxd
              Similarity
              • API ID: Local$Security$AllocErrorFreeKernelLastLengthObject$CopyDescriptorSacl
              • String ID:
              • API String ID: 3500360645-0
              • Opcode ID: d3b797466126dfc056c2a9ceb9da21bf7a473a0801e90d60c8930e5e4c970a27
              • Instruction ID: 62385cdf3f84a4ecaad3af3e2e7aa2338d8e597630c74ea334d0620c2942f6d4
              • Opcode Fuzzy Hash: d3b797466126dfc056c2a9ceb9da21bf7a473a0801e90d60c8930e5e4c970a27
              • Instruction Fuzzy Hash: 51512A37A18B42CBE7548F65A8881B97AA4FB4BF85B548131CE0E97754EF3CE845C700
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2099260182.00007FF674B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF674B20000, based on PE: true
              • Associated: 00000000.00000002.2099242774.00007FF674B20000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099286845.00007FF674B4E000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099313401.00007FF674B5E000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099334936.00007FF674B60000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099334936.00007FF674B63000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ff674b20000_ie4uinit.jbxd
              Similarity
              • API ID: _wcsnicmp$Library$AddressFreeLoadProc
              • String ID: http://www.yandex.com/favicon.ico$https://suggest.yandex.ru/suggest-ff.cgi?srv=ie11&part={searchTerms}&clid=2233627$https://www.haosou.com/s?src=win10&ie=utf-8&q={searchTerms}$https://www.sogou.com/tx?hdq=sogou-wsse-6abba5d8ab1f4f32&query={searchTerms}$https://yandex.ru/search/?text={searchTerms}&clid=2233627${2562B2EF-500D-49FC-A350-5BC0D4C56EE3}${461B4783-36F5-45B9-883E-35BA5ED4A823}${8C3078A0-9AAB-4371-85D1-656CA8E46EE8}
              • API String ID: 584558329-729423207
              • Opcode ID: e25aa7b836383d6f71ad2f2080bfeeb7f6664c7ed43af9669be0d297b218caaf
              • Instruction ID: b15a8ad531ab8bf33817dc4bb26f006cd6826d5fa354f18ccad24660dff5b3fc
              • Opcode Fuzzy Hash: e25aa7b836383d6f71ad2f2080bfeeb7f6664c7ed43af9669be0d297b218caaf
              • Instruction Fuzzy Hash: D9814127A28A46D7EB50CF66D8C81A9A761FB4AF88B445432DE0D87764DF3DED49C300
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2099260182.00007FF674B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF674B20000, based on PE: true
              • Associated: 00000000.00000002.2099242774.00007FF674B20000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099286845.00007FF674B4E000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099313401.00007FF674B5E000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099334936.00007FF674B60000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099334936.00007FF674B63000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ff674b20000_ie4uinit.jbxd
              Similarity
              • API ID: ErrorHeapLast$FreeObjectProcessSingleWait
              • String ID: onecore\internal\sdk\inc\wil\opensource\wil\resource.h
              • API String ID: 453756160-3341287125
              • Opcode ID: 6dc2f5e5708b4a8988b3acd2d793e6f27e4c36014d555acfc29201e1b004f11d
              • Instruction ID: 2a9450bcb18edf5e552544206afd5ad8e2dc3a0ec81101dd9f8eb11ffe4821dc
              • Opcode Fuzzy Hash: 6dc2f5e5708b4a8988b3acd2d793e6f27e4c36014d555acfc29201e1b004f11d
              • Instruction Fuzzy Hash: 93713473A18682D6EB649B69E4983B967A0FF4BFC0F484531DA4E87695DF2CEC54C300
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • GetProcAddress.KERNEL32 ref: 00007FF674B21BE3
              • ConvertSidToStringSidW.ADVAPI32 ref: 00007FF674B21C2E
              • LocalFree.KERNEL32 ref: 00007FF674B21CC5
              • SysFreeString.OLEAUT32 ref: 00007FF674B21CD5
                • Part of subcall function 00007FF674B216BC: SysAllocStringLen.OLEAUT32 ref: 00007FF674B2172D
                • Part of subcall function 00007FF674B216BC: SysStringLen.OLEAUT32 ref: 00007FF674B21744
                • Part of subcall function 00007FF674B216BC: memcpy_s.MSVCRT ref: 00007FF674B21766
                • Part of subcall function 00007FF674B216BC: memcpy_s.MSVCRT ref: 00007FF674B217A6
                • Part of subcall function 00007FF674B216BC: SysFreeString.OLEAUT32 ref: 00007FF674B217D5
                • Part of subcall function 00007FF674B2163C: SysStringLen.OLEAUT32 ref: 00007FF674B21654
                • Part of subcall function 00007FF674B2163C: VarBstrCat.OLEAUT32 ref: 00007FF674B21676
                • Part of subcall function 00007FF674B2163C: SysFreeString.OLEAUT32 ref: 00007FF674B2168B
                • Part of subcall function 00007FF674B266E8: GetLocalTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF674B21A63), ref: 00007FF674B26721
                • Part of subcall function 00007FF674B266E8: FormatMessageW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF674B21A63), ref: 00007FF674B26799
                • Part of subcall function 00007FF674B266E8: PostThreadMessageW.USER32 ref: 00007FF674B267B9
              • GetLastError.KERNEL32 ref: 00007FF674B21CE3
              • FreeSid.ADVAPI32 ref: 00007FF674B21D0C
                • Part of subcall function 00007FF674B216BC: SysStringLen.OLEAUT32 ref: 00007FF674B21707
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2099260182.00007FF674B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF674B20000, based on PE: true
              • Associated: 00000000.00000002.2099242774.00007FF674B20000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099286845.00007FF674B4E000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099313401.00007FF674B5E000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099334936.00007FF674B60000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099334936.00007FF674B63000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ff674b20000_ie4uinit.jbxd
              Similarity
              • API ID: String$Free$LocalMessagememcpy_s$AddressAllocBstrConvertErrorFormatLastPostProcThreadTime
              • String ID: (A;CI;KR;;;$DeriveAppContainerSidFromAppContainerName$Unable to Append Sid for %1!ls! to Extended ACL. Result:%2!lx!$Unable to Format Sid for %1!ls! to append to Extended ACL.$Unable to convert Sid to string for %1!ls!. Result:%2!lx!$Unable to get SID for %1!ls!. Result:%2!lx!
              • API String ID: 3912539464-613229433
              • Opcode ID: 50e590a39987bf04f19c564ba7751c20197d28acae0ffaff3b293b9699e4d937
              • Instruction ID: 65f9c5c7ef864b3299513859861c7dd457b7a04f0279275d70f794eaa04441bb
              • Opcode Fuzzy Hash: 50e590a39987bf04f19c564ba7751c20197d28acae0ffaff3b293b9699e4d937
              • Instruction Fuzzy Hash: 4341EC67A28A46D5EB01DB25DC982F86B60FF86F88F449532D90DC7695DE3CE945C300
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2099260182.00007FF674B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF674B20000, based on PE: true
              • Associated: 00000000.00000002.2099242774.00007FF674B20000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099286845.00007FF674B4E000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099313401.00007FF674B5E000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099334936.00007FF674B60000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099334936.00007FF674B63000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ff674b20000_ie4uinit.jbxd
              Similarity
              • API ID: CurrentDirectory$Find$FileFolderHandleLoadModulePathSpecialString$CloseFirstNextValue
              • String ID: DesktopShortcutsFolderName$Software\Microsoft\Windows\CurrentVersion\OemStartMenuData
              • API String ID: 2124583704-3001445492
              • Opcode ID: d40038c5ab739152c01001ec89057b0f61bfb52042c9fb655e5264001d82ca32
              • Instruction ID: ea912faa83010074b0a50dddbe1a4ba8b30146612d44f88a3c3637fd71ab262d
              • Opcode Fuzzy Hash: d40038c5ab739152c01001ec89057b0f61bfb52042c9fb655e5264001d82ca32
              • Instruction Fuzzy Hash: 06416A33614B82D6EB649F24E8842FE7760FB8AB85F855535D60D87694DF3CD909C700
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2099260182.00007FF674B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF674B20000, based on PE: true
              • Associated: 00000000.00000002.2099242774.00007FF674B20000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099286845.00007FF674B4E000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099313401.00007FF674B5E000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099334936.00007FF674B60000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099334936.00007FF674B63000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ff674b20000_ie4uinit.jbxd
              Similarity
              • API ID: LibraryMessageOnce$AddressCloseExecuteFormatFreeInitLoadLocalOpenPostProcThreadTime
              • String ID: SBE is enabled. Bailed out FixupIEAssociations.$DllInstall$ForceAssoc$In FixupIEAssocations. fForceAssociations=%1!d!$Software\Microsoft\Windows\CurrentVersion\App Paths\IEXPLORE.EXE$ieframe.dll
              • API String ID: 193145673-1861194879
              • Opcode ID: fdf5c71c4a2b7b028b86c68d215e98ef43ea7d0903141b4d16275a5db3ad0bbb
              • Instruction ID: 5bb7116169f8a84c358bf8b9eb81ee7abb8310f2b3e6b65a173231dc2a0df530
              • Opcode Fuzzy Hash: fdf5c71c4a2b7b028b86c68d215e98ef43ea7d0903141b4d16275a5db3ad0bbb
              • Instruction Fuzzy Hash: 2A311E27A29A02D6EB008B14F8D81B4E760FF4BF81F859135D91E836A4EF3CE945C700
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              Memory Dump Source
              • Source File: 00000000.00000002.2099260182.00007FF674B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF674B20000, based on PE: true
              • Associated: 00000000.00000002.2099242774.00007FF674B20000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099286845.00007FF674B4E000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099313401.00007FF674B5E000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099334936.00007FF674B60000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099334936.00007FF674B63000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ff674b20000_ie4uinit.jbxd
              Similarity
              • API ID: ErrorLast$File$CloseCreateDeleteHandleRead
              • String ID:
              • API String ID: 2438661856-0
              • Opcode ID: 5b603998b6ceaa0a23056b6cc8eb0660d0551a6a7f702e7e6f99fb80496b2575
              • Instruction ID: 3ef4ff18e8d214ac8ee5342e6de5c53a4db86c6f174dd743e2a127bd82ddf627
              • Opcode Fuzzy Hash: 5b603998b6ceaa0a23056b6cc8eb0660d0551a6a7f702e7e6f99fb80496b2575
              • Instruction Fuzzy Hash: 64513C22728B42CAE7109F6594D93B9B6A4FF4BF85F818135DB4EC3654DF7CE8048610
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • CreateMutexW.KERNEL32(?,?,?,?,?,?,?,00007FF674B3E155,?,?,00000000,00007FF674B3DE97,?,?,00000000,00007FF674B40BDC), ref: 00007FF674B3E1FC
              • #50.IERTUTIL(?,?,?,?,?,?,?,00007FF674B3E155,?,?,00000000,00007FF674B3DE97,?,?,00000000,00007FF674B40BDC), ref: 00007FF674B3E217
              • GetCurrentProcess.KERNEL32(?,?,?,?,?,?,?,00007FF674B3E155,?,?,00000000,00007FF674B3DE97,?,?,00000000,00007FF674B40BDC), ref: 00007FF674B3E22D
              • GetCurrentProcess.KERNEL32(?,?,?,?,?,?,?,00007FF674B3E155,?,?,00000000,00007FF674B3DE97,?,?,00000000,00007FF674B40BDC), ref: 00007FF674B3E23C
              • DuplicateHandle.KERNEL32 ref: 00007FF674B3E266
              • GetLastError.KERNEL32 ref: 00007FF674B3E27A
              • GetLastError.KERNEL32 ref: 00007FF674B3E294
              • CloseHandle.KERNEL32(?,?,?,?,?,?,?,00007FF674B3E155,?,?,00000000,00007FF674B3DE97,?,?,00000000,00007FF674B40BDC), ref: 00007FF674B3E2CA
              • OpenMutexW.KERNEL32(?,?,?,?,?,?,?,00007FF674B3E155,?,?,00000000,00007FF674B3DE97,?,?,00000000,00007FF674B40BDC), ref: 00007FF674B3E2E2
              • GetLastError.KERNEL32(?,?,?,?,?,?,?,00007FF674B3E155,?,?,00000000,00007FF674B3DE97,?,?,00000000,00007FF674B40BDC), ref: 00007FF674B3E2F6
              • GetLastError.KERNEL32(?,?,?,?,?,?,?,00007FF674B3E155,?,?,00000000,00007FF674B3DE97,?,?,00000000,00007FF674B40BDC), ref: 00007FF674B3E310
              • GetLastError.KERNEL32(?,?,?,?,?,?,?,00007FF674B3E155,?,?,00000000,00007FF674B3DE97,?,?,00000000,00007FF674B40BDC), ref: 00007FF674B3E323
              Memory Dump Source
              • Source File: 00000000.00000002.2099260182.00007FF674B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF674B20000, based on PE: true
              • Associated: 00000000.00000002.2099242774.00007FF674B20000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099286845.00007FF674B4E000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099313401.00007FF674B5E000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099334936.00007FF674B60000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099334936.00007FF674B63000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ff674b20000_ie4uinit.jbxd
              Similarity
              • API ID: ErrorLast$CurrentHandleMutexProcess$CloseCreateDuplicateOpen
              • String ID:
              • API String ID: 3779884535-0
              • Opcode ID: 5095cc0b268e8af13cc5d5acf29afcb5ad415a373148948c14eea26036640252
              • Instruction ID: 8b90aa162b266359607b9126802a7109f9a8327b9202523ca326fe6aa4e521cf
              • Opcode Fuzzy Hash: 5095cc0b268e8af13cc5d5acf29afcb5ad415a373148948c14eea26036640252
              • Instruction Fuzzy Hash: 8B410262614B42CBE7009F66A898379BA90FB8BF81F489135DA4EC3354DF7CE8058610
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2099260182.00007FF674B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF674B20000, based on PE: true
              • Associated: 00000000.00000002.2099242774.00007FF674B20000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099286845.00007FF674B4E000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099313401.00007FF674B5E000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099334936.00007FF674B60000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099334936.00007FF674B63000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ff674b20000_ie4uinit.jbxd
              Similarity
              • API ID: FreeString
              • String ID: %s_%s$EUPP$EUPP_$_EUPP_$bing.$msn.
              • API String ID: 3341692771-4073838992
              • Opcode ID: a6c5943611e90d1ee6adf931ce3ae08aace9fa8024b07ed6f67d21dd5ce845c4
              • Instruction ID: 9f98d3019ed57e2d8a764882b9b9ef078d7d1fef14c16c7a1dc0c0c866afa1e1
              • Opcode Fuzzy Hash: a6c5943611e90d1ee6adf931ce3ae08aace9fa8024b07ed6f67d21dd5ce845c4
              • Instruction Fuzzy Hash: CB41A833629B81C6E710DB66E4842AAB7A1FB4AF90F915131EE5D83798DF3CE945C700
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2099260182.00007FF674B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF674B20000, based on PE: true
              • Associated: 00000000.00000002.2099242774.00007FF674B20000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099286845.00007FF674B4E000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099313401.00007FF674B5E000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099334936.00007FF674B60000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099334936.00007FF674B63000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ff674b20000_ie4uinit.jbxd
              Similarity
              • API ID: CurrentProcess$ClassMessageOncePriority$AddressCreateExecuteFormatHandleInitInstanceLocalModulePostProcThreadTime
              • String ID: In CmdInitializeHistoryRoaming$SetProcessInformation$kernel32.dll
              • API String ID: 2110875543-2055926704
              • Opcode ID: 89cc65f50b90458f721d85a568bbed32039c1b2468aefd17dc3849896a318b65
              • Instruction ID: 5104d86e637f5ce85d713b1c38d0636783e283f17e6e80059baeed0254812162
              • Opcode Fuzzy Hash: 89cc65f50b90458f721d85a568bbed32039c1b2468aefd17dc3849896a318b65
              • Instruction Fuzzy Hash: CB41ED36A28A42C6E740DB55E8D8279E761FB8AF81F449135DA0EC3764DF3CE889C700
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              Memory Dump Source
              • Source File: 00000000.00000002.2099260182.00007FF674B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF674B20000, based on PE: true
              • Associated: 00000000.00000002.2099242774.00007FF674B20000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099286845.00007FF674B4E000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099313401.00007FF674B5E000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099334936.00007FF674B60000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099334936.00007FF674B63000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ff674b20000_ie4uinit.jbxd
              Similarity
              • API ID: Heap$ErrorLast$FreeProcess$CriticalDeleteSectionThreadpoolTimer$CallbacksWait
              • String ID:
              • API String ID: 3162582620-0
              • Opcode ID: d207e9815ab27ac350c386903735fa1a50f151cd4ddcb94d343ef91208cf2083
              • Instruction ID: 4bb565e43fd75d48865e859f1d7823e44c783f0d0d3eb1b7e47143a84dee8b5c
              • Opcode Fuzzy Hash: d207e9815ab27ac350c386903735fa1a50f151cd4ddcb94d343ef91208cf2083
              • Instruction Fuzzy Hash: 8A41EF37B25A51D7EA499B65A598378A760FF4BFC1F099134CA0E87755CF3CE8258300
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • CoCreateInstance.OLE32(?,?,?,?,?,?,00000000,?,?,00000001,00000000,?,00007FF674B25154), ref: 00007FF674B241B3
              • CoTaskMemAlloc.OLE32(?,?,?,?,?,?,00000000,?,?,00000001,00000000,?,00007FF674B25154), ref: 00007FF674B24263
              • memcpy_s.MSVCRT ref: 00007FF674B24288
              • PropVariantClear.OLE32(?,?,?,?,?,?,00000000,?,?,00000001,00000000,?,00007FF674B25154), ref: 00007FF674B242CC
              • PropVariantClear.OLE32(?,?,?,?,?,?,00000000,?,?,00000001,00000000,?,00007FF674B25154), ref: 00007FF674B2432C
              • PropVariantClear.OLE32(?,?,?,?,?,?,00000000,?,?,00000001,00000000,?,00007FF674B25154), ref: 00007FF674B24373
                • Part of subcall function 00007FF674B21574: _vsnwprintf.MSVCRT ref: 00007FF674B215B4
              • SHSetLocalizedName.SHELL32 ref: 00007FF674B2443A
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2099260182.00007FF674B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF674B20000, based on PE: true
              • Associated: 00000000.00000002.2099242774.00007FF674B20000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099286845.00007FF674B4E000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099313401.00007FF674B5E000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099334936.00007FF674B60000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099334936.00007FF674B63000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ff674b20000_ie4uinit.jbxd
              Similarity
              • API ID: ClearPropVariant$AllocCreateInstanceLocalizedNameTask_vsnwprintfmemcpy_s
              • String ID: %HOMEDRIVE%%HOMEPATH%$%windir%\System32\ie4uinit.exe$@"%%windir%%\System32\ie4uinit.exe",-%d
              • API String ID: 839107887-2483958424
              • Opcode ID: d3b344539d0de9ecf688537e5404ccacdadc421d05d63f6f44b714d9c327b181
              • Instruction ID: 31354030351d678baa092dfe53534ff2084d8e6a0f9f45a255604f5654684f04
              • Opcode Fuzzy Hash: d3b344539d0de9ecf688537e5404ccacdadc421d05d63f6f44b714d9c327b181
              • Instruction Fuzzy Hash: 4791ED37768B46C6EA808B26E8C8169B760FB8AF94F505132DE5E87764DF3DD845C700
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2099260182.00007FF674B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF674B20000, based on PE: true
              • Associated: 00000000.00000002.2099242774.00007FF674B20000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099286845.00007FF674B4E000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099313401.00007FF674B5E000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099334936.00007FF674B60000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099334936.00007FF674B63000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ff674b20000_ie4uinit.jbxd
              Similarity
              • API ID: Cert$Certificate$Chain$ContextErrorLastStoreUsage$BinaryCryptEnhancedFreePolicyStringVerify$CloseCreateIntendedOpen
              • String ID: Trust$status
              • API String ID: 2930961322-3800218552
              • Opcode ID: f3c09dccc9d3103b643e8fccd427b4574e2ef2678e9715cc45a0b3d93624772a
              • Instruction ID: 0f4d1fd72216414c4a678d7f86880a285be9f5750780f32c59cc22d3b4d6b607
              • Opcode Fuzzy Hash: f3c09dccc9d3103b643e8fccd427b4574e2ef2678e9715cc45a0b3d93624772a
              • Instruction Fuzzy Hash: 10412123B28B42CBEB019B6698983B9A794FF4AF81F548135DA0DC7754DF2DEC058610
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
                • Part of subcall function 00007FF674B266E8: GetLocalTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF674B21A63), ref: 00007FF674B26721
                • Part of subcall function 00007FF674B266E8: FormatMessageW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF674B21A63), ref: 00007FF674B26799
                • Part of subcall function 00007FF674B266E8: PostThreadMessageW.USER32 ref: 00007FF674B267B9
                • Part of subcall function 00007FF674B273A0: RegOpenKeyExW.ADVAPI32(?,?,?,?,?,00007FF674B23015), ref: 00007FF674B273D9
                • Part of subcall function 00007FF674B273A0: RegQueryValueExW.ADVAPI32 ref: 00007FF674B27414
                • Part of subcall function 00007FF674B273A0: RegCloseKey.ADVAPI32 ref: 00007FF674B27427
              • StrCmpNIW.SHLWAPI ref: 00007FF674B23042
              • RegOpenKeyExW.ADVAPI32 ref: 00007FF674B230DD
              • RegDeleteValueW.ADVAPI32 ref: 00007FF674B230F9
              • RegCloseKey.ADVAPI32 ref: 00007FF674B2310A
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2099260182.00007FF674B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF674B20000, based on PE: true
              • Associated: 00000000.00000002.2099242774.00007FF674B20000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099286845.00007FF674B4E000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099313401.00007FF674B5E000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099334936.00007FF674B60000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099334936.00007FF674B63000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ff674b20000_ie4uinit.jbxd
              Similarity
              • API ID: CloseMessageOpenValue$DeleteFormatLocalPostQueryThreadTime
              • String ID: Command Result: 0x%1!08lx!$DeferMigrationCommand$Executing Deferred Command: %1!lS!$In CmdUserConfig$In HandleDeferredCommand$SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\InstallInfo
              • API String ID: 2657112078-2717220108
              • Opcode ID: bd7e353a74a0e7106ae6a93f7360adb18c6766d2e634bfc9e1c6e68d3aae5d4f
              • Instruction ID: 8393c1f33ae771bf6f9f7db9191ef8111e09e69f64c94d5ead882dafd78dc15d
              • Opcode Fuzzy Hash: bd7e353a74a0e7106ae6a93f7360adb18c6766d2e634bfc9e1c6e68d3aae5d4f
              • Instruction Fuzzy Hash: CD414F33A28A46C2EA10DB25E8C85BAB761FF8AF80F415135DA4D83795DF3DE949C740
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • OpenFileMappingW.KERNEL32(?,?,?,?,?,?,?,00007FF674B48D5E,?,?,?,?,?,?,00007FF674B48E0D), ref: 00007FF674B497D8
              • #791.IERTUTIL(?,?,?,?,?,?,?,00007FF674B48D5E,?,?,?,?,?,?,00007FF674B48E0D), ref: 00007FF674B497F9
              • #791.IERTUTIL(?,?,?,?,?,?,?,00007FF674B48D5E,?,?,?,?,?,?,00007FF674B48E0D), ref: 00007FF674B4980E
              • GetCurrentProcess.KERNEL32(?,?,?,?,?,?,?,00007FF674B48D5E,?,?,?,?,?,?,00007FF674B48E0D), ref: 00007FF674B4982F
              • GetCurrentProcess.KERNEL32(?,?,?,?,?,?,?,00007FF674B48D5E,?,?,?,?,?,?,00007FF674B48E0D), ref: 00007FF674B4983E
              • DuplicateHandle.KERNEL32 ref: 00007FF674B4986C
              • GetLastError.KERNEL32(?,?,?,?,?,?,?,00007FF674B48D5E,?,?,?,?,?,?,00007FF674B48E0D), ref: 00007FF674B49885
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2099260182.00007FF674B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF674B20000, based on PE: true
              • Associated: 00000000.00000002.2099242774.00007FF674B20000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099286845.00007FF674B4E000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099313401.00007FF674B5E000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099334936.00007FF674B60000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099334936.00007FF674B63000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ff674b20000_ie4uinit.jbxd
              Similarity
              • API ID: #791CurrentProcess$DuplicateErrorFileHandleLastMappingOpen
              • String ID: Local\windows_ie_global_counters
              • API String ID: 1064913255-3887093185
              • Opcode ID: 362dde08f6432f6780a17795f3fddc82f3ef1a745c7a5242259ba2bb2f54605d
              • Instruction ID: b866ae956fb140c382f900e3d194a095479b6aaa6364e572b5e20d585a7eb6d3
              • Opcode Fuzzy Hash: 362dde08f6432f6780a17795f3fddc82f3ef1a745c7a5242259ba2bb2f54605d
              • Instruction Fuzzy Hash: 2331FD32918B41C7E7049B29A898179BBE1FB8BFD1F498175DA4E83754DF3CE845CA00
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2099260182.00007FF674B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF674B20000, based on PE: true
              • Associated: 00000000.00000002.2099242774.00007FF674B20000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099286845.00007FF674B4E000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099313401.00007FF674B5E000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099334936.00007FF674B60000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099334936.00007FF674B63000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ff674b20000_ie4uinit.jbxd
              Similarity
              • API ID: FreeString$AddressAllocConvertLibraryLoadLocalOpenProc
              • String ID: D:PAI(A;CI;KA;;;SY)(A;CI;KA;;;BA)(A;CI;KR;;;RC)(A;CI;KR;;;S-1-15-3-4096)$Failed to open registry key. Result:%1!lx!$Failed to set security descriptor. Result:%1!lx!$SOFTWARE\Microsoft\Internet Explorer\TypedURLs$Userenv.dll
              • API String ID: 4191680482-1078209490
              • Opcode ID: 2479fba6ecf8c3f49dd4311a1a1a9579d21e38bb50acd51c46ef2d5251b76e5b
              • Instruction ID: 74ca8ba9387f54706eff00c512ca170d35481d3677a536b34d4cd2a4da28cff6
              • Opcode Fuzzy Hash: 2479fba6ecf8c3f49dd4311a1a1a9579d21e38bb50acd51c46ef2d5251b76e5b
              • Instruction Fuzzy Hash: 87213323B28A42C2EB019B15E8985B9B760FF8BF80F445535DA0DC7795EF2DE945C740
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              Strings
              Similarity
              • API ID:
              • String ID: about:newsfeed$about:tabs$msn.cn$msn.com
              • API String ID: 0-2860905812
              • Opcode ID: 409c5a39f79a9f84fd6ca4ef747c434dafc49d6eff7c75db491955da3b2f73f0
              • Instruction ID: c65dd662b114efabb5ff88955f8aba32e512bdf0aadde4eba2ca254310d0320a
              • Opcode Fuzzy Hash: 409c5a39f79a9f84fd6ca4ef747c434dafc49d6eff7c75db491955da3b2f73f0
              • Instruction Fuzzy Hash: AF211023A2CA42C2EB408B26E4D8379A364FF86F84F415031DA1E87655DF6DE945CB40
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              Similarity
              • API ID: Create$ErrorFileLast$CloseConvertDirectoryFreeHandleLocalStringValid
              • String ID:
              • API String ID: 1059847807-0
              • Opcode ID: 8379c2c836cacb1e7552f376acb2577f16b3ca5837fab9557e8f4243c7a556ea
              • Instruction ID: 02c40ca5d1da43c5db3930eb6d59d1cde2d4bcd551ffb9ce8c2fedd8a212fd00
              • Opcode Fuzzy Hash: 8379c2c836cacb1e7552f376acb2577f16b3ca5837fab9557e8f4243c7a556ea
              • Instruction Fuzzy Hash: 3B516F33A28A42CAF7608F6595CC77D7AA0EB4BF94F448274CE0A83794CF78E9458700
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              Similarity
              • API ID: CloseErrorFileLast$FindHandle$AttributesDeleteDirectoryFirstRemove
              • String ID:
              • API String ID: 679420900-0
              • Opcode ID: 2333e0278e3660317a866f4f4b84cafd3e26b381e4e7be0e84ffc5c6d7d53956
              • Instruction ID: 39e07b2c21454a67fc6bfd039f80bd18ae62742e36f481e333e73c71187697d1
              • Opcode Fuzzy Hash: 2333e0278e3660317a866f4f4b84cafd3e26b381e4e7be0e84ffc5c6d7d53956
              • Instruction Fuzzy Hash: 53416337A29A42C7E6505B29A4D8179B7A0FF8BFD1F548230CA5E832D4DF3CEC458610
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
                • Part of subcall function 00007FF674B21918: GetProcessHeap.KERNEL32 ref: 00007FF674B21921
                • Part of subcall function 00007FF674B21918: HeapAlloc.KERNEL32 ref: 00007FF674B21938
              • SysAllocString.OLEAUT32 ref: 00007FF674B39712
              • SysFreeString.OLEAUT32 ref: 00007FF674B397E6
              Strings
              Similarity
              • API ID: AllocHeapString$FreeProcess
              • String ID: &clientkey=$&mac=$https://ieonline.microsoft.com/EUPP/v1/service?action=signvalue&appid=Microsoft_IE_EUPP
              • API String ID: 1731201402-1362008807
              • Opcode ID: 3816e086b299a4cc2a1300ed84fc3ebccc5f375c3635537345a1b7a59f41c14d
              • Instruction ID: 3b1ebe297d266c0c0c053fb153c276e8279337145b5ae16683d4f957133ea39b
              • Opcode Fuzzy Hash: 3816e086b299a4cc2a1300ed84fc3ebccc5f375c3635537345a1b7a59f41c14d
              • Instruction Fuzzy Hash: 2D916E23A28A52C7EB009F3698883B867A5FB86F88F044531DE4D97795DF3CE8418340
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              Strings
              Similarity
              • API ID: _wtoi
              • String ID: Missing$false$true
              • API String ID: 259676474-471191888
              • Opcode ID: 196ed2b58b35eceaa92fffad63318e7fbfd4ca98f1aef7307ee865983edc4b6e
              • Instruction ID: f86f3a7278bafd3d7e95cb9f5b692a39454b8041a76ce27402752d1c08cb8944
              • Opcode Fuzzy Hash: 196ed2b58b35eceaa92fffad63318e7fbfd4ca98f1aef7307ee865983edc4b6e
              • Instruction Fuzzy Hash: C5717533628A82D3EB20DB25D4982B97765FF45B88F555131DA4DC72A9EF3CEA06C340
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              Strings
              Similarity
              • API ID: ObjectSingleWait
              • String ID: wil
              • API String ID: 24740636-1589926490
              • Opcode ID: 6bdb0238c23ff1ae886b08c3defc4ac29a78ec758ae353d6e4c157323aab8f8c
              • Instruction ID: e51d02dcb86ff6cec9f31917154f78dc25d6a9561ce89712fa2fb2172ec48d85
              • Opcode Fuzzy Hash: 6bdb0238c23ff1ae886b08c3defc4ac29a78ec758ae353d6e4c157323aab8f8c
              • Instruction Fuzzy Hash: AE410032B28A43C3F7608B25E4982796AA1EF87F91F649131D51EC7A94DF3CEC458701
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              Strings
              Similarity
              • API ID: CloseOpenQueryValue
              • String ID: IconsVisible$SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\InstallInfo$ShowIconsCommand
              • API String ID: 3677997916-1059487045
              • Opcode ID: 5be104d143eb5f7c6fa198d48af2afca4c1ca6a80ce7f527c97ca91055afdb84
              • Instruction ID: 4de8911e0ba178a8a5f7b40cd4e75576c10397834964e251ed85505ac58f42a6
              • Opcode Fuzzy Hash: 5be104d143eb5f7c6fa198d48af2afca4c1ca6a80ce7f527c97ca91055afdb84
              • Instruction Fuzzy Hash: A3414333628B42CBE7508F24E8845B8B764FB4AB49F445A39D65D83754DF3CD954CB04
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
                • Part of subcall function 00007FF674B266E8: GetLocalTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF674B21A63), ref: 00007FF674B26721
                • Part of subcall function 00007FF674B266E8: FormatMessageW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF674B21A63), ref: 00007FF674B26799
                • Part of subcall function 00007FF674B266E8: PostThreadMessageW.USER32 ref: 00007FF674B267B9
              • GetTempPathW.KERNEL32 ref: 00007FF674B231A0
              • GetTempFileNameW.KERNEL32 ref: 00007FF674B231CE
              • ExpandEnvironmentStringsW.KERNEL32 ref: 00007FF674B231F7
              • _wfopen_s.MSVCRT ref: 00007FF674B23238
              • DeleteFileW.KERNEL32 ref: 00007FF674B23271
                • Part of subcall function 00007FF674B26984: memset.MSVCRT ref: 00007FF674B269E4
                • Part of subcall function 00007FF674B26984: CreateFileW.KERNEL32 ref: 00007FF674B26A53
                • Part of subcall function 00007FF674B26984: GetCurrentProcess.KERNEL32 ref: 00007FF674B26A6C
                • Part of subcall function 00007FF674B26984: GetCurrentProcess.KERNEL32 ref: 00007FF674B26A7B
                • Part of subcall function 00007FF674B26984: DuplicateHandle.KERNEL32 ref: 00007FF674B26AAA
                • Part of subcall function 00007FF674B26984: GetStdHandle.KERNEL32 ref: 00007FF674B26AC3
                • Part of subcall function 00007FF674B26984: CreateProcessW.KERNEL32 ref: 00007FF674B26B21
                • Part of subcall function 00007FF674B26984: WaitForSingleObject.KERNEL32 ref: 00007FF674B26B3A
              Strings
              Similarity
              • API ID: FileProcess$CreateCurrentHandleMessageTemp$DeleteDuplicateEnvironmentExpandFormatLocalNameObjectPathPostSingleStringsThreadTimeWait_wfopen_smemset
              • String ID: "%windir%\System32\dism.exe" /online /get-packages /format:table /english$In CmdAdminScavengeSystem$SCS$Total Packages Removed from the system: %1!u!
              • API String ID: 3374882768-3963655054
              • Opcode ID: 34169c7784d37b292fcb58473443cfe22f8864090464c93d647c9d2556a4eff6
              • Instruction ID: da9e03ac44808af24c2eb9f9de5d7357a48fdb0684f7b3327146634e4584dbc1
              • Opcode Fuzzy Hash: 34169c7784d37b292fcb58473443cfe22f8864090464c93d647c9d2556a4eff6
              • Instruction Fuzzy Hash: 19312163A38A82D2FB10DB24E8C86B5A7A0FF5AF44F806035D54EC7595DF2CE949CB40
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              Similarity
              • API ID: ErrorLast$FileSize
              • String ID:
              • API String ID: 3064237074-0
              • Opcode ID: d2194b5c11767ecf8dc2fb3d879d30169cb808aa268f63147da05f82ace5149b
              • Instruction ID: 5ffc5a183a1d85eff6d676e692096a83e82d5d4a4e4beddbceda9031009b3a5c
              • Opcode Fuzzy Hash: d2194b5c11767ecf8dc2fb3d879d30169cb808aa268f63147da05f82ace5149b
              • Instruction Fuzzy Hash: 0A516073A14A42CBE7608F39E4983697AE1FB8AB44F158139DB5AC3354DF3CE8048B00
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              Similarity
              • API ID: AttributesFile$#820$#139#793CreateCurrentDirectoryErrorLastProcess
              • String ID:
              • API String ID: 2696254595-0
              • Opcode ID: fae78069ca079565081da3dc80a885bb45554384e10e5ec58db0abe4914ac82d
              • Instruction ID: daa90b31f695d036039323cf05b306126084d70822dc6544b6c6c8220e4c4d49
              • Opcode Fuzzy Hash: fae78069ca079565081da3dc80a885bb45554384e10e5ec58db0abe4914ac82d
              • Instruction Fuzzy Hash: C9416F33628A82C7F7509B25A89C3B9BAA0FF8AF81F555431DA4EC3654DF3CE845C610
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              Similarity
              • API ID: File$CreateErrorLastWrite$CloseDirectoryEventFolderFreeHandleLocalMessagePathPointer
              • String ID:
              • API String ID: 2312078311-0
              • Opcode ID: f0adad517c9266593d0c2c92f6e6b8e58f63b40e3a9136dadebe801c95e3c54f
              • Instruction ID: 700bf8529a73f29d24af557d2c8e887d1c02f2b761f22b1a79980935c9a7f9f8
              • Opcode Fuzzy Hash: f0adad517c9266593d0c2c92f6e6b8e58f63b40e3a9136dadebe801c95e3c54f
              • Instruction Fuzzy Hash: 35413333A18A81C6E7108F55E4586B9BB60FB8EF94F555231DA5D83B94CF3CE945CB00
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              Strings
              Similarity
              • API ID: iswalpha$wcschrwcsncmp
              • String ID: ::$DATA$Software\Microsoft\Windows\CurrentVersion\Policies$\\?\$\\?\UNC\
              • API String ID: 3137813441-3817109965
              • Opcode ID: d135f5f2d6c09b0cfcbbfe3d3e237421e2657f54bfe0869330cc61c7e0719452
              • Instruction ID: 7b54fdb18ebb7a252239c74bb159b6d1096ca64a1ef0807493725ee091cce4e6
              • Opcode Fuzzy Hash: d135f5f2d6c09b0cfcbbfe3d3e237421e2657f54bfe0869330cc61c7e0719452
              • Instruction Fuzzy Hash: 93029023E28652C5EB20DB65D5882BD67B0BB1EFA8F444535CA1D976D4EF7CE886C300
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              Strings
              Similarity
              • API ID: File$Attributes$Taskwcscat_s$#820AllocErrorFindFirstFreeLastPathTemp
              • String ID: Low
              • API String ID: 1950158008-2865053249
              • Opcode ID: 86e1b355c7ca45e56bc0dc40dbe8a7449fb765d06f80ca52b91b52d8b90c7994
              • Instruction ID: 101dbe31b6c75e72cfb63996bded768d6e64d592651395344a1c5d734c6d490f
              • Opcode Fuzzy Hash: 86e1b355c7ca45e56bc0dc40dbe8a7449fb765d06f80ca52b91b52d8b90c7994
              • Instruction Fuzzy Hash: B671B033A28782C6EB10CF61A4C82AAA7B4FB4AB58F500635DE5D87795DF3DE905C700
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              Strings
              Similarity
              • API ID: ErrorLast$CreateSemaphore$CloseHandle
              • String ID: _p0$wil
              • API String ID: 4237752484-1814513734
              • Opcode ID: 974dab5438ba72f666739c6ae042477e74ff44e6f058be151dd752c44fa664a9
              • Instruction ID: 5c2f2507ce5fe7c040a2b1f86d03536cd0686c7ef9fac7d5e3a435e4089dd8c5
              • Opcode Fuzzy Hash: 974dab5438ba72f666739c6ae042477e74ff44e6f058be151dd752c44fa664a9
              • Instruction Fuzzy Hash: EF415022728B42C6E711DF61A4D92BAB650FB4AF90F445535DE4E97795CF3CE809C700
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              Strings
              Similarity
              • API ID: Heap$ErrorFreeLastProcess$ObjectSingleWait
              • String ID: onecore\internal\sdk\inc\wil\opensource\wil\resource.h
              • API String ID: 1185803644-3341287125
              • Opcode ID: 798ec6a4e127bbea67d68a011c29ac65229ddd1b1d73ff4a62db56c77dfc0236
              • Instruction ID: 97ab53da6f25331639948cea1638859f175721561ff67264879ab96d1fc9c7b4
              • Opcode Fuzzy Hash: 798ec6a4e127bbea67d68a011c29ac65229ddd1b1d73ff4a62db56c77dfc0236
              • Instruction Fuzzy Hash: 17413F23A28A42C6EA54DF66A499179B7A0FF4BF90F084535DA9EC7791DF3CE8458300
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • GetCurrentProcess.KERNEL32(?,?,00000000,00000000,?,00007FF674B26002), ref: 00007FF674B277B2
              • IsWow64Process.KERNEL32(?,?,00000000,00000000,?,00007FF674B26002), ref: 00007FF674B277C6
              • ExpandEnvironmentStringsW.KERNEL32(?,?,00000000,00000000,?,00007FF674B26002), ref: 00007FF674B277F3
                • Part of subcall function 00007FF674B2AD88: wcsncmp.MSVCRT(?,?,?,?,00000000,00007FF674B3D7D9), ref: 00007FF674B2ADB9
              • GetNativeSystemInfo.KERNEL32(?,?,00000000,00000000,?,00007FF674B26002), ref: 00007FF674B2784A
              • SHGetSpecialFolderPathW.SHELL32(?,?,00000000,00000000,?,00007FF674B26002), ref: 00007FF674B27871
              Strings
              Similarity
              • API ID: Process$CurrentEnvironmentExpandFolderInfoNativePathSpecialStringsSystemWow64wcsncmp
              • String ID: %ProgramW6432%\Internet Explorer$IEXPLORE.EXE$Internet Explorer\
              • API String ID: 2223505443-224271814
              • Opcode ID: 56112e856824c7fbd9ce2f4ab7963766a276cc6e845af2545ff842cc57269990
              • Instruction ID: 17bb4fb505630645278d62fff6d3b4193b4f6166dcca14bcb272435e7ac0b151
              • Opcode Fuzzy Hash: 56112e856824c7fbd9ce2f4ab7963766a276cc6e845af2545ff842cc57269990
              • Instruction Fuzzy Hash: 31418333A28742D7FB10DB56E4885ADA7A1FB8AB80F844135D94D83A94DF3CE94AC704
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              Strings
              Similarity
              • API ID: #791FreeLocal$#134CheckCloseCreateFileHandleMappingMembershipToken
              • String ID: Local\windows_ie_global_counters$l
              • API String ID: 3701204471-1037400814
              • Opcode ID: 6a07bc5000afcae5f0536fd83b16e131618e6017704f7a5ac26c34b2e31e9fb7
              • Instruction ID: 9562d0ed799dcff4235529864e07223bfbeab7662ed65f600393dce1a2add059
              • Opcode Fuzzy Hash: 6a07bc5000afcae5f0536fd83b16e131618e6017704f7a5ac26c34b2e31e9fb7
              • Instruction Fuzzy Hash: 90113032725642C7EB105F65A4886B8BBA1FB8BFA5F449234DA5E87390CF3CE8458710
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              Similarity
              • API ID: Heap$Processmemcpy_s$AllocFreememset
              • String ID:
              • API String ID: 3570669803-0
              • Opcode ID: 45926e0f18bdd19c35f1f494f03541535911647802c18b8760a590afe30b7e56
              • Instruction ID: 8df2636047e4de2bc624d54e322e47777e707d350a45c99f50807ed76fcc0c6d
              • Opcode Fuzzy Hash: 45926e0f18bdd19c35f1f494f03541535911647802c18b8760a590afe30b7e56
              • Instruction Fuzzy Hash: 2F818073B19746C6EA55CF21A5885B8BBA4FB17FC4B599131CA4E87760DF38E892C300
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              Similarity
              • API ID: ErrorLast$#654$#675MutexObjectReleaseSingleWait
              • String ID:
              • API String ID: 2927321091-0
              • Opcode ID: 0c56a65c3552b1288960f9c7fbaa0c1be0852d569064d0fafba70605d432244c
              • Instruction ID: f63c087a3f591f78e3bc7d9ce52cacdb62cf93557fafeb9deae5fc1b9e6f7019
              • Opcode Fuzzy Hash: 0c56a65c3552b1288960f9c7fbaa0c1be0852d569064d0fafba70605d432244c
              • Instruction Fuzzy Hash: 01714937A29642C7E7108F36D8C837A6BA4FB96F99F064135CA4D83295DF3DE8458710
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              Similarity
              • API ID: FreeString
              • String ID:
              • API String ID: 3341692771-0
              • Opcode ID: 41cf15fabd146d7465c0d33d0292cb9adaf94f146215165010667bcd354e2547
              • Instruction ID: e58ac89d87b440881357cebf3f65ce03aeda5c158bc56d0892e789b0d52f883c
              • Opcode Fuzzy Hash: 41cf15fabd146d7465c0d33d0292cb9adaf94f146215165010667bcd354e2547
              • Instruction Fuzzy Hash: 4561B467A28A06C6EB80DB2AD5D83786760EF86FC8F155131DE0E877A9DF2CD945C340
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              Similarity
              • API ID: Local$Free$AccessAllocAllowedErrorLastLengthmemcpy_smemset
              • String ID:
              • API String ID: 916274048-0
              • Opcode ID: 7962a7456dcbdc222df6675433a6f9a4ef09bbceb7c55295d27dd7293cc987f1
              • Instruction ID: 6596c3edbdcc902a636b8644895a5189a43e94b6604afaaae3b57e527827308f
              • Opcode Fuzzy Hash: 7962a7456dcbdc222df6675433a6f9a4ef09bbceb7c55295d27dd7293cc987f1
              • Instruction Fuzzy Hash: 16316D37628B92C6D7009F16A988179BBA1FB8EFD1B558134DE4E87760DF3CE8458740
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              Strings
              Similarity
              • API ID: String$Free
              • String ID: /%s/
              • API String ID: 1391021980-1213264659
              • Opcode ID: 0fa5be6dcfd814801c1ac8aae1cc2ad027252285884e19df7b15d70a70b34a36
              • Instruction ID: 7bf658075ea1351e48e9dffc08ab51bb327c2d0355ce7fdd8281a2544c924d3e
              • Opcode Fuzzy Hash: 0fa5be6dcfd814801c1ac8aae1cc2ad027252285884e19df7b15d70a70b34a36
              • Instruction Fuzzy Hash: EF813323A28A86C7EB508B2AD4C82796760FF86F84F505131EA4D97769DF3DED45C700
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              Strings
              Similarity
              • API ID: ErrorLast$FullNamePathString
              • String ID: %X_$\
              • API String ID: 1618852869-896525776
              • Opcode ID: c817e3bbf5ebc8898db713c0ceba47c3f2fecd17d122c1faecd8bd99f94e5c52
              • Instruction ID: b3305b770128ec437f629758481141bfba2fe100b917a6000db0ddb646d8f993
              • Opcode Fuzzy Hash: c817e3bbf5ebc8898db713c0ceba47c3f2fecd17d122c1faecd8bd99f94e5c52
              • Instruction Fuzzy Hash: F9419323B28682C7EB104B65E4983BA6690FF96F84F444136DA4ED3794DF3CE845C700
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • CertGetIntendedKeyUsage.CRYPT32 ref: 00007FF674B39FDA
              • CertGetEnhancedKeyUsage.CRYPT32 ref: 00007FF674B3A00F
                • Part of subcall function 00007FF674B21918: GetProcessHeap.KERNEL32 ref: 00007FF674B21921
                • Part of subcall function 00007FF674B21918: HeapAlloc.KERNEL32 ref: 00007FF674B21938
              • CertGetEnhancedKeyUsage.CRYPT32 ref: 00007FF674B3A041
              • StrCmpNA.SHLWAPI ref: 00007FF674B3A07F
              • StrCmpNW.SHLWAPI(?,?,00000000,00000000,?,00007FF674B3A1D9), ref: 00007FF674B3A0F1
              Strings
              Similarity
              • API ID: CertUsage$EnhancedHeap$AllocIntendedProcess
              • String ID: 1.3.6.1.4.1.311.13.1$IE Enhanced User Preference Protection
              • API String ID: 2896830453-1085473373
              • Opcode ID: 27802ad501e3ffc3026af28544888c3dfc19fd62ba4f648d902956be8982135e
              • Instruction ID: 6d61281a73cf1e644df0d7652de13b6879a2464e246a2947aba2ebf1809eb9b5
              • Opcode Fuzzy Hash: 27802ad501e3ffc3026af28544888c3dfc19fd62ba4f648d902956be8982135e
              • Instruction Fuzzy Hash: ED416C23A28B42C3E6009B36A8C8279B794EB8AF90F549534DA5D837A4DF3CEC55C700
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              Strings
              Similarity
              • API ID: #701$InformationValueWindows
              • String ID: DisableFirstRunCustomize$Microsoft-Windows-IE-InternetExplorer-IEAppDeprecation$Software\Microsoft\Internet Explorer\Main
              • API String ID: 1300295446-3127308057
              • Opcode ID: 532cdf3c4ce8ecdf123ca2bbeb1a215f4c3757aa633642d46c4d2360cd878880
              • Instruction ID: b0ee251acd08fd3295bd896046da6b2e5cc4c55896e88839f5f07b22b20ac914
              • Opcode Fuzzy Hash: 532cdf3c4ce8ecdf123ca2bbeb1a215f4c3757aa633642d46c4d2360cd878880
              • Instruction Fuzzy Hash: 69311277A2A603C6FB049B28E8D837AA691AF46B94F444134E54DC22A5DF7DE889C740
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              Strings
              Similarity
              • API ID: CloseCreateOpenValue
              • String ID: IEXPLORE.EXE$Software\Clients\StartMenuInternet
              • API String ID: 776291540-1175255948
              • Opcode ID: 435efc2ff8bef9bd25fb89d3b70caebd33e8010c89ec6103a6f11550acd99859
              • Instruction ID: 5ea62c0b7c58354c84506dfa5f58aff742668739cc64f5b0bf88ff75b75922a8
              • Opcode Fuzzy Hash: 435efc2ff8bef9bd25fb89d3b70caebd33e8010c89ec6103a6f11550acd99859
              • Instruction Fuzzy Hash: 0E31FC33928B86C7E760CB60F48876AF7A4FB9AB95F405135DA4D82A54DF7CD948CB00
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              Strings
              • bing.com, xrefs: 00007FF674B3CF3C
              • &pc=, xrefs: 00007FF674B3CF6A
              • &pc=%s, xrefs: 00007FF674B3CFA0
              Similarity
              • API ID: String$Free$Allocmemcpy_s
              • String ID: &pc=$&pc=%s$bing.com
              • API String ID: 3413315342-245000116
              • Opcode ID: 0a7451fd29d4b065e9a55a3cc0956230aeb508da04ff9b6b6a4124023c214d98
              • Instruction ID: ab3a2a398006adbd0c38f8551eb29a19af7147b9e9435df6937535b46d972081
              • Opcode Fuzzy Hash: 0a7451fd29d4b065e9a55a3cc0956230aeb508da04ff9b6b6a4124023c214d98
              • Instruction Fuzzy Hash: ED21E933A18B42C3D601DB56E488069ABB0FB8AF90B599131DE4D87759EF39E951C740
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              Strings
              Similarity
              • API ID: QueryValue$CloseOpen
              • String ID: OOBEInProgress$SYSTEM\Setup$SystemSetupInProgress
              • API String ID: 1586453840-252206877
              • Opcode ID: 9c58a30d26de4208d1da9d762cf33a83a44f58d37aaa6920f580d32a3a9bad46
              • Instruction ID: 3d73a8f30fe2c4cdf7fbf05a6aac20667ffd90ed9dc5ac28ec304aa467173cce
              • Opcode Fuzzy Hash: 9c58a30d26de4208d1da9d762cf33a83a44f58d37aaa6920f580d32a3a9bad46
              • Instruction Fuzzy Hash: FD215237614B42CAEB608F34E8845A9BBA4FB4AB9CF455235EA4D83B54DF38D445CB04
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
                • Part of subcall function 00007FF674B3D4D0: LocalAlloc.KERNELBASE ref: 00007FF674B3D4F5
                • Part of subcall function 00007FF674B3D4D0: LocalFree.KERNEL32(?,?,00000000,00007FF674B35774,?,?,00000000,00007FF674B2F250,?,?,00000000,00007FF674B2F16B), ref: 00007FF674B3D516
              • #682.IERTUTIL(?,?,?,?,00000000,00000001,?,00007FF674B357A1,?,?,00000000,00007FF674B2F250,?,?,00000000,00007FF674B2F16B), ref: 00007FF674B36627
              • #665.IERTUTIL(?,?,?,?,00000000,00000001,?,00007FF674B357A1,?,?,00000000,00007FF674B2F250,?,?,00000000,00007FF674B2F16B), ref: 00007FF674B36696
              • #665.IERTUTIL(?,?,?,?,00000000,00000001,?,00007FF674B357A1,?,?,00000000,00007FF674B2F250,?,?,00000000,00007FF674B2F16B), ref: 00007FF674B366B5
              • #651.IERTUTIL ref: 00007FF674B3673E
              • GetProcessHeap.KERNEL32(?,?,?,?,00000000,00000001,?,00007FF674B357A1,?,?,00000000,00007FF674B2F250,?,?,00000000,00007FF674B2F16B), ref: 00007FF674B36816
              • HeapFree.KERNEL32(?,?,?,?,00000000,00000001,?,00007FF674B357A1,?,?,00000000,00007FF674B2F250,?,?,00000000,00007FF674B2F16B), ref: 00007FF674B3682A
              • GetProcessHeap.KERNEL32(?,?,?,?,00000000,00000001,?,00007FF674B357A1,?,?,00000000,00007FF674B2F250,?,?,00000000,00007FF674B2F16B), ref: 00007FF674B36848
              • HeapFree.KERNEL32(?,?,?,?,00000000,00000001,?,00007FF674B357A1,?,?,00000000,00007FF674B2F250,?,?,00000000,00007FF674B2F16B), ref: 00007FF674B3685C
              Similarity
              • API ID: Heap$Free$#665LocalProcess$#651#682Alloc
              • String ID:
              • API String ID: 2616862846-0
              • Opcode ID: 1f94fd93e0105e52b721851efbb18a617eab9b1fe0398d126bc1d56a9c079642
              • Instruction ID: 71e02425066febc2b2ef2d09013ca640154830fd0513fc9f69b15274a7de7de1
              • Opcode Fuzzy Hash: 1f94fd93e0105e52b721851efbb18a617eab9b1fe0398d126bc1d56a9c079642
              • Instruction Fuzzy Hash: 54814232A18652C7E7148F66A58827AE7A5FB8AFD4F454035EE4D83B58DF7CE8418B00
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              Similarity
              • API ID: Local$Free$InfoNamedProcessSecurity$AccessAllocAllowedCloseCurrentErrorHandleLastLengthOpenTokenmemcpy_smemset
              • String ID:
              • API String ID: 347426353-0
              • Opcode ID: a769e73b1f198c410ddc8979925be2b96bb23d339d11469fc9f76f961d368ea9
              • Instruction ID: 769cec7a909915f23531497557d266a4ffecd911349a749a9025d77aa663331e
              • Opcode Fuzzy Hash: a769e73b1f198c410ddc8979925be2b96bb23d339d11469fc9f76f961d368ea9
              • Instruction Fuzzy Hash: C7410A33628B82C6E750CF55E4883B9A7A4FB8AB94F804135DA8D87A55DF7CE845CB10
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              Similarity
              • API ID: ErrorLast$CertCertificateContextHeapProperty$AllocProcess
              • String ID:
              • API String ID: 3057230840-0
              • Opcode ID: 0c5d1fda1ef6bfb705892f337418ff3f6a49e2f81b20b62324457c2966637a02
              • Instruction ID: 131fa68ad31f01217e28cf13a364555ac222c9b363b9bc6a9675c5b3bf995e59
              • Opcode Fuzzy Hash: 0c5d1fda1ef6bfb705892f337418ff3f6a49e2f81b20b62324457c2966637a02
              • Instruction Fuzzy Hash: 04311023714B82CAE7145F6A9898279BAA4FF8AFC5B489134DE4AC3354DF7CEC059610
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              Similarity
              • API ID: EnumHeapValue$AllocCloseDeleteInfoOpenProcessQuery_wcsnicmp
              • String ID:
              • API String ID: 1988773347-0
              • Opcode ID: c80c2d447968bac7e0f757add1cfb8683f00219ccc02fde240ff9d97f38e097d
              • Instruction ID: abb3a3a6a9edf866c77f67fd64f54895aba0a6b2b9f296167f6c540c2db3e30f
              • Opcode Fuzzy Hash: c80c2d447968bac7e0f757add1cfb8683f00219ccc02fde240ff9d97f38e097d
              • Instruction Fuzzy Hash: D5517B33B28B41CAE710CF61A8885BC77A8FB4AB94B514638DE6D97B94DF38D941C704
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              Strings
              Similarity
              • API ID: #655#657$#662#665
              • String ID: W
              • API String ID: 3353587207-655174618
              • Opcode ID: 759166db18ef9005b19cb714e448f63e57b424fcc4ed654e23d080dcac4e5661
              • Instruction ID: 16a8a7547b342c560c0e25bda7094dd5396cd55240820a267e7f8e27bb1ca290
              • Opcode Fuzzy Hash: 759166db18ef9005b19cb714e448f63e57b424fcc4ed654e23d080dcac4e5661
              • Instruction Fuzzy Hash: C8513D23A2C682C7E7208F66E4887B9B760FB8AB94F504035DA4D83699DF7DE945C700
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              Strings
              Similarity
              • API ID: Heap$AddressFreeHandleModuleProcProcess
              • String ID: RtlNotifyFeatureUsage$ntdll.dll
              • API String ID: 3729415315-2443152447
              • Opcode ID: 96b39f8874dcf63b06524510102518e02031d1d5a76a6b6f7ba653090f454df2
              • Instruction ID: 9567114eaf58431b56ebb72e658032a829de45317f861679b30ab2790508c4ac
              • Opcode Fuzzy Hash: 96b39f8874dcf63b06524510102518e02031d1d5a76a6b6f7ba653090f454df2
              • Instruction Fuzzy Hash: D7416423A39F42C2FA609B19E8D87B9A690AF56FC4F854135DE0DC7691DF2CEC84C611
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              Strings
              Similarity
              • API ID: wcschr
              • String ID: Software\Microsoft\Windows\CurrentVersion\Policies$\\?\
              • API String ID: 1497570035-1297041245
              • Opcode ID: b42dcdf16d11872bbd43d63cb3988fd6a8d1910d59d534f940cd18d7537ea9d0
              • Instruction ID: cfac1af43d1e984fe4fc3016e037c60f5922bddbc8545951b65933e46b453054
              • Opcode Fuzzy Hash: b42dcdf16d11872bbd43d63cb3988fd6a8d1910d59d534f940cd18d7537ea9d0
              • Instruction Fuzzy Hash: 02412C23A28641C6EA15DF1598881BAB7A0FB46FA4B499731DA2DC73D4EF7CEC45C340
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • GetLastError.KERNEL32(?,?,?,?,00000000,00007FF674B49A6F,?,?,?,?,?,?,?,?,00000000,00007FF674B496F5), ref: 00007FF674B49B4C
              • HeapAlloc.KERNEL32(?,?,?,?,00000000,00007FF674B49A6F,?,?,?,?,?,?,?,?,00000000,00007FF674B496F5), ref: 00007FF674B49B6C
              • GetTokenInformation.ADVAPI32(?,?,?,?,00000000,00007FF674B49A6F,?,?,?,?,?,?,?,?,00000000,00007FF674B496F5), ref: 00007FF674B49B97
              • GetLastError.KERNEL32(?,?,?,?,00000000,00007FF674B49A6F,?,?,?,?,?,?,?,?,00000000,00007FF674B496F5), ref: 00007FF674B49BAF
              • GetLastError.KERNEL32(?,?,?,?,00000000,00007FF674B49A6F,?,?,?,?,?,?,?,?,00000000,00007FF674B496F5), ref: 00007FF674B49BC9
              • HeapFree.KERNEL32(?,?,?,?,00000000,00007FF674B49A6F,?,?,?,?,?,?,?,?,00000000,00007FF674B496F5), ref: 00007FF674B49C00
              Similarity
              • API ID: ErrorLast$Heap$AllocFreeInformationToken
              • String ID:
              • API String ID: 1666231400-0
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              Strings
              Similarity
              • API ID: ExclusiveLock$AcquireAddressHandleModuleProcRelease
              • String ID: RtlRegisterFeatureConfigurationChangeNotification$ntdll.dll
              • API String ID: 303310891-4023217342
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              Strings
              Similarity
              • API ID: AddressHandleModuleProc$ErrorLast
              • String ID: RtlSubscribeWnfStateChangeNotification$ntdll.dll
              • API String ID: 798792539-2214456325
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
                • Part of subcall function 00007FF674B2AB18: LocalFree.KERNEL32 ref: 00007FF674B2AD46
              • SetFileAttributesW.KERNEL32(?,?,?,?,?,?,?,?,00000000,00007FF674B48394,?,00000000,?,00007FF674B4859F), ref: 00007FF674B489A3
              • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,00000000,00007FF674B48394,?,00000000,?,00007FF674B4859F), ref: 00007FF674B489B3
              • CreateFile2.KERNEL32 ref: 00007FF674B48A17
              • SetFileAttributesW.KERNEL32 ref: 00007FF674B48A37
              • GetLastError.KERNEL32 ref: 00007FF674B48A43
              Strings
              Similarity
              • API ID: AttributesErrorFileLast$CreateFile2FreeLocal
              • String ID:
              • API String ID: 2781035858-3916222277
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              Strings
              • Software\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}, xrefs: 00007FF674B240B0
              Similarity
              • API ID: CloseValue$CreateQuery
              • String ID: Software\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}
              • API String ID: 1259008579-2693928049
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • #654.IERTUTIL ref: 00007FF674B48882
              • ExpandEnvironmentStringsW.KERNEL32 ref: 00007FF674B488AF
              • #654.IERTUTIL ref: 00007FF674B48929
                • Part of subcall function 00007FF674B21574: _vsnwprintf.MSVCRT ref: 00007FF674B215B4
                • Part of subcall function 00007FF674B279FC: #654.IERTUTIL(?,?,?,?,?,?,00007FF674B3D85D), ref: 00007FF674B27A25
              Strings
              Similarity
              • API ID: #654$EnvironmentExpandStrings_vsnwprintf
              • String ID: %s\system32\ie4uinit.exe %s$%windir%$-CleanupEmeDataStores
              • API String ID: 3028992113-2826242292
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              Strings
              Similarity
              • API ID: ConditionMask$Library$AddressFreeInfoLoadProcVerifyVersionmemset
              • String ID: Internet-Browser-License-LicensedPartnerID$SLGetWindowsInformationDWORD$slc.dll
              • API String ID: 179017354-4234991666
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • OpenMutexW.KERNEL32(?,?,00000000,00007FF674B3DE97,?,?,00000000,00007FF674B40BDC), ref: 00007FF674B3E12B
              • CloseHandle.KERNEL32(?,?,00000000,00007FF674B3DE97,?,?,00000000,00007FF674B40BDC), ref: 00007FF674B3E170
              • GetLastError.KERNEL32(?,?,00000000,00007FF674B3DE97,?,?,00000000,00007FF674B40BDC), ref: 00007FF674B3E180
              • GetLastError.KERNEL32(?,?,00000000,00007FF674B3DE97,?,?,00000000,00007FF674B40BDC), ref: 00007FF674B3E19A
                • Part of subcall function 00007FF674B3E1D8: CreateMutexW.KERNEL32(?,?,?,?,?,?,?,00007FF674B3E155,?,?,00000000,00007FF674B3DE97,?,?,00000000,00007FF674B40BDC), ref: 00007FF674B3E1FC
                • Part of subcall function 00007FF674B3E1D8: #50.IERTUTIL(?,?,?,?,?,?,?,00007FF674B3E155,?,?,00000000,00007FF674B3DE97,?,?,00000000,00007FF674B40BDC), ref: 00007FF674B3E217
                • Part of subcall function 00007FF674B3E1D8: GetCurrentProcess.KERNEL32(?,?,?,?,?,?,?,00007FF674B3E155,?,?,00000000,00007FF674B3DE97,?,?,00000000,00007FF674B40BDC), ref: 00007FF674B3E22D
                • Part of subcall function 00007FF674B3E1D8: GetCurrentProcess.KERNEL32(?,?,?,?,?,?,?,00007FF674B3E155,?,?,00000000,00007FF674B3DE97,?,?,00000000,00007FF674B40BDC), ref: 00007FF674B3E23C
                • Part of subcall function 00007FF674B3E1D8: DuplicateHandle.KERNEL32 ref: 00007FF674B3E266
                • Part of subcall function 00007FF674B3E1D8: CloseHandle.KERNEL32(?,?,?,?,?,?,?,00007FF674B3E155,?,?,00000000,00007FF674B3DE97,?,?,00000000,00007FF674B40BDC), ref: 00007FF674B3E2CA
              • GetLastError.KERNEL32(?,?,00000000,00007FF674B3DE97,?,?,00000000,00007FF674B40BDC), ref: 00007FF674B3E1AD
              Strings
              Similarity
              • API ID: ErrorHandleLast$CloseCurrentMutexProcess$CreateDuplicateOpen
              • String ID: Local\IEHistJournalGlobal_3bf1c317-e96b-46f6-ba88-50c001d497aa
              • API String ID: 3831808724-600561470
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              Strings
              Similarity
              • API ID: AddressLibraryLoadProc
              • String ID: OSDATA\Software\Microsoft\Windows\CurrentVersion\Policies\DataCollection$RtlIsStateSeparationEnabled$Software\Microsoft\Windows\CurrentVersion\Policies\DataCollection$ntdll.dll
              • API String ID: 2574300362-100155017
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              Similarity
              • API ID: memcmpmemcpy_s
              • String ID:
              • API String ID: 1855548253-0
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              Similarity
              • API ID: Path$CreateFrom$CurrentDirectory
              • String ID:
              • API String ID: 1023945515-0
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              Similarity
              • API ID: String$memcpy_s$AllocFree
              • String ID:
              • API String ID: 3865269606-0
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              Similarity
              • API ID: memset
              • String ID:
              • API String ID: 2221118986-0
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • WaitForSingleObject.KERNEL32(?,?,00000000,00007FF674B2F250,?,?,00000000,00007FF674B2F16B), ref: 00007FF674B3570B
              • GetLastError.KERNEL32(?,?,00000000,00007FF674B2F250,?,?,00000000,00007FF674B2F16B), ref: 00007FF674B3571E
              • GetLastError.KERNEL32(?,?,00000000,00007FF674B2F250,?,?,00000000,00007FF674B2F16B), ref: 00007FF674B35733
              • GetLastError.KERNEL32(?,?,00000000,00007FF674B2F250,?,?,00000000,00007FF674B2F16B), ref: 00007FF674B35748
              • #672.IERTUTIL(?,?,00000000,00007FF674B2F250,?,?,00000000,00007FF674B2F16B), ref: 00007FF674B357FF
              • ReleaseMutex.KERNEL32(?,?,00000000,00007FF674B2F250,?,?,00000000,00007FF674B2F16B), ref: 00007FF674B35848
              Similarity
              • API ID: ErrorLast$#672MutexObjectReleaseSingleWait
              • String ID:
              • API String ID: 551975906-0
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              Similarity
              • API ID: String$AllocBstrFree
              • String ID:
              • API String ID: 359749342-0
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              Similarity
              • API ID: ErrorLast$ObjectSearchSingleWait
              • String ID:
              • API String ID: 3990731185-0
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              Similarity
              • API ID: ErrorExclusiveLastLockThreadpoolTimer$AcquireCreateRelease
              • String ID:
              • API String ID: 117860038-0
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • WideCharToMultiByte.KERNEL32 ref: 00007FF674B37689
              • GetLastError.KERNEL32 ref: 00007FF674B37752
                • Part of subcall function 00007FF674B21918: GetProcessHeap.KERNEL32 ref: 00007FF674B21921
                • Part of subcall function 00007FF674B21918: HeapAlloc.KERNEL32 ref: 00007FF674B21938
              • WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,?,00007FF674B37B27), ref: 00007FF674B376D9
              • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,00007FF674B37B27), ref: 00007FF674B376F4
              • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,00007FF674B37B27), ref: 00007FF674B3770E
              Similarity
              • API ID: ErrorLast$ByteCharHeapMultiWide$AllocProcess
              • String ID:
              • API String ID: 289723558-0
              • Opcode ID: f7f5d8281df42106d5d424511c6a8742336de28875b75e8773f47e469580e9de
              • Instruction ID: 005aeab41d75698288195db57f9300a62dbd76f1b1087696021e681954e20edd
              • Opcode Fuzzy Hash: f7f5d8281df42106d5d424511c6a8742336de28875b75e8773f47e469580e9de
              • Instruction Fuzzy Hash: 3F313C37A28B42C7E7109B66A5983797AE0FB8AF95F548234CB4987354DF7CE8048740
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              Similarity
              • API ID: Lock$AcquireCriticalExclusiveReleaseSectionShared$EnterLeave
              • String ID:
              • API String ID: 3221859647-0
              • Opcode ID: 4db5293840bb064735ada58c6a5ff5cb4cfe286d78248bac55efe07f0a40d3bf
              • Instruction ID: c021219c3ed282e1401e36ce5b19862bf3b5d566470d8f902bc0e3fac528ba0d
              • Opcode Fuzzy Hash: 4db5293840bb064735ada58c6a5ff5cb4cfe286d78248bac55efe07f0a40d3bf
              • Instruction Fuzzy Hash: CF318227B18E81C6EA118F25A598179AB60FB8AFD4B499130DF4E47B04CF3CE8858740
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              Similarity
              • API ID: ErrorExclusiveLastLockThreadpoolTimer$AcquireCreateRelease
              • String ID:
              • API String ID: 117860038-0
              • Opcode ID: 1b19bf096620836a551ed67004da282b00b8f38c7e08bb86b2568c0a97377c79
              • Instruction ID: 4b54dc333b5f353c8dfa4f868568b699426bc280ff8901254c45658f9c9ceba9
              • Opcode Fuzzy Hash: 1b19bf096620836a551ed67004da282b00b8f38c7e08bb86b2568c0a97377c79
              • Instruction Fuzzy Hash: C2317227A28B91D6EB505F29E498278ABA0FB4AFD0F045131CE4D87B55CF3CE8658700
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              Strings
              Similarity
              • API ID: Local$AllocFreememset
              • String ID: Software\Microsoft\Windows\CurrentVersion\Policies$Software\Policies\Microsoft\Internet Explorer$Software\Policies\Microsoft\Internet Explorer\Infodelivery
              • API String ID: 3749828606-3808456074
              • Opcode ID: 80be77c6de241351d6a52ace3fc2eb49041b77060a09e86989deae8f5346bb27
              • Instruction ID: 0a7ca6aebbd054218f70233c5d36b6524bc2107de76b7e111a1761c8acc20918
              • Opcode Fuzzy Hash: 80be77c6de241351d6a52ace3fc2eb49041b77060a09e86989deae8f5346bb27
              • Instruction Fuzzy Hash: 28316B23E2C646C7F6518B2AE4D8379A669EB4AF84FD54035D61EC3691DF2CFD828700
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              Similarity
              • API ID: ErrorLast$MutexObjectReleaseSingleWait
              • String ID:
              • API String ID: 3488842590-0
              • Opcode ID: c6cb1b1544684603a92f51156c5af88fdd185bf1753478ddd8e8b2db321eaa02
              • Instruction ID: f6c196cd89b67a310b3d76584f75674b2113f885e9bf0092be8739ba1326201f
              • Opcode Fuzzy Hash: c6cb1b1544684603a92f51156c5af88fdd185bf1753478ddd8e8b2db321eaa02
              • Instruction Fuzzy Hash: BA217422719B42CBE7045F66A9D83397AA0EF8BF90F458574DA5EC3791DF2CE8448700
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              Similarity
              • API ID: Heap$Process$AllocFreememcpy_s
              • String ID:
              • API String ID: 3519707287-0
              • Opcode ID: aa210cd04906db95f9748722d6304b6edf133017f7e199c6d90576bfed211e4b
              • Instruction ID: 1805f1a433dd3f4fc249211dea2b5363fab451a861b4643c808322c07942fae5
              • Opcode Fuzzy Hash: aa210cd04906db95f9748722d6304b6edf133017f7e199c6d90576bfed211e4b
              • Instruction Fuzzy Hash: FE314B37624F41C6EB048F56E458269BBA0FB5AFD4B089231CE5E43754CF38E846C340
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              Similarity
              • API ID: String$Free$ByteCharMultiWide$Alloc
              • String ID:
              • API String ID: 246500865-0
              • Opcode ID: 65a410a9ed790447233d16f6684bcdd76bee5b67b7499c6f4f0f8008fa8304d9
              • Instruction ID: 250a96daf6a9da47b2efdf905752eab9bb5749b5b091596d21a76fe7ad673cfd
              • Opcode Fuzzy Hash: 65a410a9ed790447233d16f6684bcdd76bee5b67b7499c6f4f0f8008fa8304d9
              • Instruction Fuzzy Hash: 34214F32618B41C7E7149B69E888269BBA1FB8AF90F588334DA4D43B95DF3CD945C700
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              Similarity
              • API ID: #791$#398#594#597#793
              • String ID:
              • API String ID: 1768570115-0
              • Opcode ID: 8cfc270b118f4dc606346083a4800a4609f7c5540dabd661f83e06911b6a0c3e
              • Instruction ID: 308662ed9aa7ace146df4cfe3373853eca1bc1bfab7842d4498b57387e1b4795
              • Opcode Fuzzy Hash: 8cfc270b118f4dc606346083a4800a4609f7c5540dabd661f83e06911b6a0c3e
              • Instruction Fuzzy Hash: 3F116333D28682C7E6105B19A48C579BB60FF4BF91F4A9474D95E93380CF3CAC45C650
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • GetCurrentThread.KERNEL32 ref: 00007FF674B49949
              • OpenThreadToken.ADVAPI32(?,?,?,00007FF674B49A15,?,?,?,?,?,?,?,?,00000000,00007FF674B496F5), ref: 00007FF674B49962
              • GetLastError.KERNEL32(?,?,?,00007FF674B49A15,?,?,?,?,?,?,?,?,00000000,00007FF674B496F5), ref: 00007FF674B49972
              • GetCurrentProcess.KERNEL32(?,?,?,00007FF674B49A15,?,?,?,?,?,?,?,?,00000000,00007FF674B496F5), ref: 00007FF674B4999E
              • OpenProcessToken.ADVAPI32(?,?,?,00007FF674B49A15,?,?,?,?,?,?,?,?,00000000,00007FF674B496F5), ref: 00007FF674B499B5
              • GetLastError.KERNEL32(?,?,?,00007FF674B49A15,?,?,?,?,?,?,?,?,00000000,00007FF674B496F5), ref: 00007FF674B499C9
              Similarity
              • API ID: CurrentErrorLastOpenProcessThreadToken
              • String ID:
              • API String ID: 4013858454-0
              • Opcode ID: 787ed4f9ecf75da4bd73d7d0c2e55bad2fa6868813a7a14b32510526e528b220
              • Instruction ID: 7ed6bf1e47283ff4c832c675d262f7f70809f5488941bc8acc93a15da63066a9
              • Opcode Fuzzy Hash: 787ed4f9ecf75da4bd73d7d0c2e55bad2fa6868813a7a14b32510526e528b220
              • Instruction Fuzzy Hash: EA11EF36624B42CBE7481B7A98A97797AD0FB5BF81F44913DDA4FC7290DE3CE8458600
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              Similarity
              • API ID: CountCurrentTickTime$CounterFilePerformanceProcessQuerySystemThread
              • String ID:
              • API String ID: 4104442557-0
              • Opcode ID: 473da3024dd97dc2c5c58d81bb17125a548f5c86a36c7e0a4e59a3afdd0f3c03
              • Instruction ID: a2ab78525aa2f40c9b6ce8af92543243223409c9a60462ac7d6ccb69c88777a3
              • Opcode Fuzzy Hash: 473da3024dd97dc2c5c58d81bb17125a548f5c86a36c7e0a4e59a3afdd0f3c03
              • Instruction Fuzzy Hash: 03112127B14F41CAEB00DF65E89816833A4FB5AB98F401A35EA5D87B54DF7CE9A4C340
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • StrCmpNIA.SHLWAPI ref: 00007FF674B4115C
              • EnterCriticalSection.KERNEL32 ref: 00007FF674B4134B
              • LeaveCriticalSection.KERNEL32 ref: 00007FF674B41373
                • Part of subcall function 00007FF674B424A0: QueueUserWorkItem.KERNEL32 ref: 00007FF674B424BF
              • CreateUri.URLMON ref: 00007FF674B41214
                • Part of subcall function 00007FF674B2195C: GetProcessHeap.KERNEL32 ref: 00007FF674B21969
                • Part of subcall function 00007FF674B2195C: HeapFree.KERNEL32 ref: 00007FF674B2197D
              Strings
              Similarity
              • API ID: CriticalHeapSection$CreateEnterFreeItemLeaveProcessQueueUserWork
              • String ID: https://
              • API String ID: 2263833432-4275131719
              • Opcode ID: 8c61f924bf8f51843a04d91dae1add2a6d571a1d8561f744914102045fcfb1d9
              • Instruction ID: 8a0127a733360c07426d74fc518579465c38052a0b5b8c8e18bae72a98339b12
              • Opcode Fuzzy Hash: 8c61f924bf8f51843a04d91dae1add2a6d571a1d8561f744914102045fcfb1d9
              • Instruction Fuzzy Hash: BFC16C23F29B56D9EB10CF69D4883AD67A5BB86B88F600035DE4D97B85DF39E815C300
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              Strings
              Similarity
              • API ID: ErrorLast$FileSize
              • String ID: 'g
              • API String ID: 3064237074-1221219425
              • Opcode ID: 35262efbbc48682b715a7b015c3ee6f52e6a86979b9f98825a1df257739a03c0
              • Instruction ID: 3e7b4f3512feee3bbfd09270bcd7c99cccb52841209cf2de1b72c975700844d6
              • Opcode Fuzzy Hash: 35262efbbc48682b715a7b015c3ee6f52e6a86979b9f98825a1df257739a03c0
              • Instruction Fuzzy Hash: E0A1FA72A28242CBE7648F2AE0C866AB6A1FB46B44F504139EB49C7655CF7DFC41DB04
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              Similarity
              • API ID: Heap$Process$Free$AddressAllocHandleModuleProcmemset
              • String ID:
              • API String ID: 2903015918-0
              • Opcode ID: 65e0c406d3f7512303b76326628a94aebff9ed825d42034f5b9b6d879e46bb1a
              • Instruction ID: 28fc771e8f720d5a8fd5a404feecd45ca3d7bf1e185485390524972b92565481
              • Opcode Fuzzy Hash: 65e0c406d3f7512303b76326628a94aebff9ed825d42034f5b9b6d879e46bb1a
              • Instruction Fuzzy Hash: 35913C33B14A61CAEB20CF69E4845A9BBB0FB5AB88B485135DF4E83754DF38E594C710
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              Strings
              Similarity
              • API ID: String$Free$Alloc
              • String ID: https://ieonline.microsoft.com/EUPP/v1/service?action=signvalue&appid=Microsoft_IE_EUPP$signvalue
              • API String ID: 986138563-2343436192
              • Opcode ID: a572de9d37b10c572b738654052b43543e0c83e224a03e6a7ac514f2632ccb76
              • Instruction ID: c06cfbd5cebefc7cebee971cdbe22a38f8fe6eac687555526a726db8bbbd47e6
              • Opcode Fuzzy Hash: a572de9d37b10c572b738654052b43543e0c83e224a03e6a7ac514f2632ccb76
              • Instruction Fuzzy Hash: CA51E437A28B45C2EB50DB16E488328B7A5FB8AF80F158135DB9D87B64DF39E851C740
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              Strings
              Similarity
              • API ID: ErrorLastOpenSemaphore
              • String ID: _p0$wil
              • API String ID: 1909229842-1814513734
              • Opcode ID: 8f1c8197586efdea456c0d4e54f5c59f0ea7551b1bf842886e12527a411a622f
              • Instruction ID: dae52348630e12419a6a21e22708ccebff7c91248b8be201f353079a5a01cdf5
              • Opcode Fuzzy Hash: 8f1c8197586efdea456c0d4e54f5c59f0ea7551b1bf842886e12527a411a622f
              • Instruction Fuzzy Hash: 43518E23B28A82D6EB21DB61D8992F96391BB8AF84F441131DA0D9B755DF3CED05C350
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              Strings
              Similarity
              • API ID: ErrorLast$CreateMessageMutexPost
              • String ID: {66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}
              • API String ID: 1064731545-2535197689
              • Opcode ID: 0dd03cabf84300492fa786156e98facfc12e6935b8a979c80a5d1f3feb9e3d26
              • Instruction ID: 94bab58cb4d702b7b111e4e5c0a09a6f021f1ed89281f4f6b55d8654008707d9
              • Opcode Fuzzy Hash: 0dd03cabf84300492fa786156e98facfc12e6935b8a979c80a5d1f3feb9e3d26
              • Instruction Fuzzy Hash: B5215E22A28B82C7EB508B6AE488279B7A0FB8AF84F549131DA4D87754DF3DDC05C700
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
                • Part of subcall function 00007FF674B266E8: GetLocalTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF674B21A63), ref: 00007FF674B26721
                • Part of subcall function 00007FF674B266E8: FormatMessageW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF674B21A63), ref: 00007FF674B26799
                • Part of subcall function 00007FF674B266E8: PostThreadMessageW.USER32 ref: 00007FF674B267B9
              • SHDeleteValueW.SHLWAPI ref: 00007FF674B25FE4
              • SHSetValueW.SHLWAPI ref: 00007FF674B26043
              Strings
              Similarity
              • API ID: MessageValue$DeleteFormatLocalPostThreadTime
              • String ID: In SetIEExplorerAccess. fShow=%1!d!, fPreserveSpadValues=%2!d!$Software\Microsoft\Windows\CurrentVersion\Explorer\RemoveAccess$iexplore.exe
              • API String ID: 2337993085-105929265
              • Opcode ID: c1f53402722c7b61a180e48bae6a5efa4dd725ea96e3fd642e4a0b769368deaa
              • Instruction ID: f780c555fa7c1bd0dddb50e055bfa5bc76fda41214f892ecbc2240a180ee1059
              • Opcode Fuzzy Hash: c1f53402722c7b61a180e48bae6a5efa4dd725ea96e3fd642e4a0b769368deaa
              • Instruction Fuzzy Hash: 62214133628A41C1EA20DB14E8D86A6B7A0FB99FA0F904335DA6D837D5DF3CD945C740
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              Strings
              Similarity
              • API ID: CloseOpenQueryValue
              • String ID: DeferMigrationCommand$SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\InstallInfo
              • API String ID: 3677997916-3890334675
              • Opcode ID: 0946ee757f948a6dd990c49542e51ada67983e5ef61673ebc22e33b5a32d5811
              • Instruction ID: d1bb3a3a71c3ce316867399538bf438c0534b9ed24d7a8613b732531d09a0cc4
              • Opcode Fuzzy Hash: 0946ee757f948a6dd990c49542e51ada67983e5ef61673ebc22e33b5a32d5811
              • Instruction Fuzzy Hash: C311D037618B41C3E3108F68E48856ABBB5FB8ABD0F655235DA5C83714EF39D845C704
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
                • Part of subcall function 00007FF674B21574: _vsnwprintf.MSVCRT ref: 00007FF674B215B4
              • SHGetValueW.SHLWAPI ref: 00007FF674B24DD0
              • SHSetValueW.SHLWAPI ref: 00007FF674B24E11
              Strings
              Similarity
              • API ID: Value$_vsnwprintf
              • String ID: Attributes$Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\%s\ShellFolder${871C5380-42A0-1069-A2EA-08002B30309D}
              • API String ID: 2219702684-1335838630
              • Opcode ID: f3a24ecc632a362d4d645f0bc6a2c1484e3f96eaf544e095b4abd2511e78a88c
              • Instruction ID: 3a3ef62353c9dff2f5b25507fb5f712522fc8715881b8266aaf6ec3fc3acb3e3
              • Opcode Fuzzy Hash: f3a24ecc632a362d4d645f0bc6a2c1484e3f96eaf544e095b4abd2511e78a88c
              • Instruction Fuzzy Hash: D0213E73629B81C6EB108B54F48839AB7A0FB89B54F841222E69D43B58CF7CD545CB44
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              Strings
              Similarity
              • API ID: Value
              • String ID: SystemSetupInProgress$UpgradeInProgress$system\Setup
              • API String ID: 3702945584-4024946984
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              Strings
              Similarity
              • API ID: EnvironmentVariable$ErrorLast
              • String ID: INSTALLER_SHADOWED_COMPONENT_IDENTITY$INSTALLER_WINNING_COMPONENT_IDENTITY
              • API String ID: 1936246020-224403506
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              Similarity
              • API ID: memcpy_s$memcmp$memmove_s
              • String ID:
              • API String ID: 2013778500-0
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
                • Part of subcall function 00007FF674B21918: GetProcessHeap.KERNEL32 ref: 00007FF674B21921
                • Part of subcall function 00007FF674B21918: HeapAlloc.KERNEL32 ref: 00007FF674B21938
              • WaitForSingleObject.KERNEL32(?,?,?,?,?,?,?,?,?,?,00007FF674B26295), ref: 00007FF674B3DC5E
              • GetSystemTime.KERNEL32 ref: 00007FF674B3DCB2
              • SystemTimeToFileTime.KERNEL32 ref: 00007FF674B3DCC8
              • SetFileTime.KERNEL32 ref: 00007FF674B3DCFC
              • WaitForSingleObject.KERNEL32 ref: 00007FF674B3DD14
                • Part of subcall function 00007FF674B3E400: ReleaseMutex.KERNEL32(?,?,?,00007FF674B409D6), ref: 00007FF674B3E40A
                • Part of subcall function 00007FF674B3E400: GetLastError.KERNEL32(?,?,?,00007FF674B409D6), ref: 00007FF674B3E41C
                • Part of subcall function 00007FF674B3E400: GetLastError.KERNEL32(?,?,?,00007FF674B409D6), ref: 00007FF674B3E434
              Similarity
              • API ID: Time$ErrorFileHeapLastObjectSingleSystemWait$AllocMutexProcessRelease
              • String ID:
              • API String ID: 530240592-0
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              Similarity
              • API ID: FreeTask$memcpy_s
              • String ID:
              • API String ID: 3307904802-0
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • MultiByteToWideChar.KERNEL32(?,?,?,?,?,?,?,?,00000000,00007FF674B38893), ref: 00007FF674B377EC
              • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,00000000,00007FF674B38893), ref: 00007FF674B378BE
                • Part of subcall function 00007FF674B21918: GetProcessHeap.KERNEL32 ref: 00007FF674B21921
                • Part of subcall function 00007FF674B21918: HeapAlloc.KERNEL32 ref: 00007FF674B21938
              • MultiByteToWideChar.KERNEL32(?,?,?,?,?,?,?,?,00000000,00007FF674B38893), ref: 00007FF674B37844
              • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,00000000,00007FF674B38893), ref: 00007FF674B37861
              • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,00000000,00007FF674B38893), ref: 00007FF674B3787B
              Similarity
              • API ID: ErrorLast$ByteCharHeapMultiWide$AllocProcess
              • String ID:
              • API String ID: 289723558-0
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              Similarity
              • API ID: ErrorLast$MutexObjectReleaseSingleWait
              • String ID:
              • API String ID: 3488842590-0
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
                • Part of subcall function 00007FF674B21918: GetProcessHeap.KERNEL32 ref: 00007FF674B21921
                • Part of subcall function 00007FF674B21918: HeapAlloc.KERNEL32 ref: 00007FF674B21938
              • CloseHandle.KERNEL32(?,00000000,?,00007FF674B4859F), ref: 00007FF674B483A8
              • SetFileAttributesW.KERNEL32 ref: 00007FF674B483C0
              • #85.IERTUTIL(?,00000000,?,00007FF674B4859F), ref: 00007FF674B483EA
              • CloseHandle.KERNEL32 ref: 00007FF674B48412
              • SetFileAttributesW.KERNEL32 ref: 00007FF674B4842A
              Similarity
              • API ID: AttributesCloseFileHandleHeap$AllocProcess
              • String ID:
              • API String ID: 977303244-0
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              Similarity
              • API ID: DefaultLocaleName_wcsnicmp$SystemUsermemset
              • String ID:
              • API String ID: 3446605168-0
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              Similarity
              • API ID: ErrorLast$MutexRelease
              • String ID:
              • API String ID: 3084565237-0
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              Similarity
              • API ID: ConditionMask$InfoVerifyVersionmemset
              • String ID:
              • API String ID: 375572348-0
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              Similarity
              • API ID: CertCloseErrorLastStore$Open$#690CertificatesCreateEnumwcsncmp
              • String ID:
              • API String ID: 3604553212-0
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              Similarity
              • API ID: Heap$FreeProcess
              • String ID:
              • API String ID: 3859560861-0
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
                • Part of subcall function 00007FF674B36E8C: CreateUri.URLMON ref: 00007FF674B36EDA
                • Part of subcall function 00007FF674B36E8C: SysFreeString.OLEAUT32 ref: 00007FF674B36F4D
              • CreateIUriBuilder.URLMON(?,?,?,00007FF674B33499), ref: 00007FF674B37343
              • UrlEscapeW.SHLWAPI(?,?,?,00007FF674B33499), ref: 00007FF674B37374
              • SysFreeString.OLEAUT32 ref: 00007FF674B375B5
              Strings
              Similarity
              • API ID: CreateFreeString$BuilderEscape
              • String ID: %.*s%s%s=%s%.*s
              • API String ID: 1165466252-2473103020
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              Strings
              Similarity
              • API ID: AddressHandleModuleProc
              • String ID: RtlQueryFeatureConfiguration$ntdll.dll
              • API String ID: 1646373207-4111156962
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              Strings
              Similarity
              • API ID: #660$#652#791
              • String ID: Low
              • API String ID: 1912657141-2865053249
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              Strings
              Similarity
              • API ID: iswalpha$wcsncmp
              • String ID: \\?\
              • API String ID: 1827288291-4282027825
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              Strings
              Similarity
              • API ID: wcschr$wcsncmp
              • String ID: .lnk$\$\\?\
              • API String ID: 511192645-3340180466
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
                • Part of subcall function 00007FF674B3E57C: #791.IERTUTIL(?,?,?,?,00000000,?,?,00007FF674B3E02D), ref: 00007FF674B3E5CB
                • Part of subcall function 00007FF674B3E57C: CreateFileW.KERNEL32 ref: 00007FF674B3E600
                • Part of subcall function 00007FF674B3E57C: GetLastError.KERNEL32 ref: 00007FF674B3E60F
              • memset.MSVCRT ref: 00007FF674B3E042
                • Part of subcall function 00007FF674B3E69C: GetFullPathNameW.KERNEL32 ref: 00007FF674B3E6DB
                • Part of subcall function 00007FF674B3E69C: LCMapStringW.KERNEL32 ref: 00007FF674B3E71C
              • OpenMutexW.KERNEL32 ref: 00007FF674B3E0CF
                • Part of subcall function 00007FF674B3E1D8: CreateMutexW.KERNEL32(?,?,?,?,?,?,?,00007FF674B3E155,?,?,00000000,00007FF674B3DE97,?,?,00000000,00007FF674B40BDC), ref: 00007FF674B3E1FC
                • Part of subcall function 00007FF674B3E1D8: #50.IERTUTIL(?,?,?,?,?,?,?,00007FF674B3E155,?,?,00000000,00007FF674B3DE97,?,?,00000000,00007FF674B40BDC), ref: 00007FF674B3E217
                • Part of subcall function 00007FF674B3E1D8: GetCurrentProcess.KERNEL32(?,?,?,?,?,?,?,00007FF674B3E155,?,?,00000000,00007FF674B3DE97,?,?,00000000,00007FF674B40BDC), ref: 00007FF674B3E22D
                • Part of subcall function 00007FF674B3E1D8: GetCurrentProcess.KERNEL32(?,?,?,?,?,?,?,00007FF674B3E155,?,?,00000000,00007FF674B3DE97,?,?,00000000,00007FF674B40BDC), ref: 00007FF674B3E23C
                • Part of subcall function 00007FF674B3E1D8: DuplicateHandle.KERNEL32 ref: 00007FF674B3E266
                • Part of subcall function 00007FF674B3E1D8: CloseHandle.KERNEL32(?,?,?,?,?,?,?,00007FF674B3E155,?,?,00000000,00007FF674B3DE97,?,?,00000000,00007FF674B40BDC), ref: 00007FF674B3E2CA
              Strings
              • Local\IEHistJournalMx_1699bb90-bebe-4437-b6e8-a6b7123fa38e_, xrefs: 00007FF674B3E072
              • Local\IEHistJournalFm_24c20119-753b-4f33-887d-f2381810562d_, xrefs: 00007FF674B3E0A9
              Similarity
              • API ID: CreateCurrentHandleMutexProcess$#791CloseDuplicateErrorFileFullLastNameOpenPathStringmemset
              • String ID: Local\IEHistJournalFm_24c20119-753b-4f33-887d-f2381810562d_$Local\IEHistJournalMx_1699bb90-bebe-4437-b6e8-a6b7123fa38e_
              • API String ID: 1835007835-223612499
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • GetLocalTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF674B21A63), ref: 00007FF674B26721
                • Part of subcall function 00007FF674B267E8: FormatMessageW.KERNEL32(?,?,?,?,?,?,?,?,?,00000000,00007FF674B26768), ref: 00007FF674B26832
                • Part of subcall function 00007FF674B267E8: PostThreadMessageW.USER32 ref: 00007FF674B26853
              • FormatMessageW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF674B21A63), ref: 00007FF674B26799
              • PostThreadMessageW.USER32 ref: 00007FF674B267B9
              Strings
              Similarity
              • API ID: Message$FormatPostThread$LocalTime
              • String ID: %1!02d!/%2!02d!/%3!04d!:%4!02d!:%5!02d!:%6!02d!:
              • API String ID: 2193567623-20010298
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • GetModuleHandleW.KERNEL32(?,?,?,00007FF674B2A54D,?,?,?,?,?,?,?,?,Software\Microsoft\Windows\CurrentVersion\Policies,?,00000104,?), ref: 00007FF674B29F4A
              • GetProcAddress.KERNEL32(?,?,?,00007FF674B2A54D,?,?,?,?,?,?,?,?,Software\Microsoft\Windows\CurrentVersion\Policies,?,00000104,?), ref: 00007FF674B29F60
              Strings
              Similarity
              • API ID: AddressHandleModuleProc
              • String ID: RtlAreLongPathsEnabled$ntdll.dll
              • API String ID: 1646373207-3809284139
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • GetUserPreferredUILanguages.KERNEL32(?,?,00000000,00007FF674B2CDB5,?,?,00000000,00007FF674B2C9E8), ref: 00007FF674B2CE46
                • Part of subcall function 00007FF674B21918: GetProcessHeap.KERNEL32 ref: 00007FF674B21921
                • Part of subcall function 00007FF674B21918: HeapAlloc.KERNEL32 ref: 00007FF674B21938
              • memset.MSVCRT ref: 00007FF674B2CE93
              • GetUserPreferredUILanguages.KERNEL32(?,?,00000000,00007FF674B2CDB5,?,?,00000000,00007FF674B2C9E8), ref: 00007FF674B2CEAC
              Strings
              Similarity
              • API ID: HeapLanguagesPreferredUser$AllocProcessmemset
              • String ID: zh-cn
              • API String ID: 724727097-1604153623
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • RegOpenKeyExW.ADVAPI32 ref: 00007FF674B258A2
                • Part of subcall function 00007FF674B21574: _vsnwprintf.MSVCRT ref: 00007FF674B215B4
              • RegCloseKey.ADVAPI32 ref: 00007FF674B25910
              Strings
              Similarity
              • API ID: CloseOpen_vsnwprintf
              • String ID: @%s$Software\Classes\Local Settings\MuiCache
              • API String ID: 2342809593-1369442998
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              Strings
              Similarity
              • API ID: AllocString
              • String ID: about:blank$about:home
              • API String ID: 2525500382-1158670746
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              Strings
              Similarity
              • API ID: AddressHandleModuleProc
              • String ID: NtUpdateWnfStateData$ntdll.dll
              • API String ID: 1646373207-3251081820
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              Strings
              Similarity
              • API ID: CreateOpenValue
              • String ID: Implementing
              • API String ID: 2195001959-2263074448
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              Strings
              Similarity
              • API ID: AddressHandleModuleProc
              • String ID: NtQueryWnfStateData$ntdll.dll
              • API String ID: 1646373207-3115237368
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              Strings
              Similarity
              • API ID: AddressHandleModuleProc
              • String ID: RtlDisownModuleHeapAllocation$ntdll.dll
              • API String ID: 1646373207-704576883
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              Strings
              Similarity
              • API ID: MessageSend$BroadcastTimeout
              • String ID: 0u$Software\Microsoft\Internet Explorer\SearchScopes
              • API String ID: 3425702700-4149236433
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              Strings
              Similarity
              • API ID: DefaultLocaleName_wcsnicmp$Systemmemset$User
              • String ID: zh-CN
              • API String ID: 2466754949-4051137917
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              Strings
              Similarity
              • API ID: AddressHandleModuleProc
              • String ID: RtlNtStatusToDosErrorNoTeb$ntdll.dll
              • API String ID: 1646373207-1321910969
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              Strings
              Similarity
              • API ID: AddressHandleModuleProc
              • String ID: RtlDllShutdownInProgress$ntdll.dll
              • API String ID: 1646373207-582119455
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              Strings
              Similarity
              • API ID: wcschr
              • String ID: .lnk
              • API String ID: 1497570035-24824748
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              Strings
              Similarity
              • API ID: AddressHandleModuleProc
              • String ID: RaiseFailFastException$kernelbase.dll
              • API String ID: 1646373207-919018592
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              Strings
              Similarity
              • API ID: AddressHandleModuleProc
              • String ID: RtlUnregisterFeatureConfigurationChangeNotification$ntdll.dll
              • API String ID: 1646373207-1836318313
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              Strings
              Similarity
              • API ID: AddressHandleModuleProc
              • String ID: RtlUnsubscribeWnfNotificationWaitForCompletion$ntdll.dll
              • API String ID: 1646373207-368597124
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • #651.IERTUTIL(00000001,?,?,?,00000001,00000001,?,00007FF674B36788), ref: 00007FF674B3B2D3
              • CoTaskMemFree.OLE32(?,00000001,00000001,?,00007FF674B36788), ref: 00007FF674B3B3BC
              • CoTaskMemFree.OLE32(?,00000001,00000001,?,00007FF674B36788), ref: 00007FF674B3B40F
                • Part of subcall function 00007FF674B3D250: SysFreeString.OLEAUT32 ref: 00007FF674B3D29B
              • CoTaskMemFree.OLE32(?,00000001,00000001,?,00007FF674B36788), ref: 00007FF674B3B464
              Memory Dump Source
              • Source File: 00000000.00000002.2099260182.00007FF674B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF674B20000, based on PE: true
              • Associated: 00000000.00000002.2099242774.00007FF674B20000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099286845.00007FF674B4E000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099313401.00007FF674B5E000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099334936.00007FF674B60000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099334936.00007FF674B63000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ff674b20000_ie4uinit.jbxd
              Similarity
              • API ID: Free$Task$#651String
              • String ID:
              • API String ID: 2586053401-0
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              Memory Dump Source
              • Source File: 00000000.00000002.2099260182.00007FF674B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF674B20000, based on PE: true
              • Associated: 00000000.00000002.2099242774.00007FF674B20000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099286845.00007FF674B4E000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099313401.00007FF674B5E000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099334936.00007FF674B60000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099334936.00007FF674B63000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ff674b20000_ie4uinit.jbxd
              Similarity
              • API ID: String$Free$ByteCharMultiWide
              • String ID:
              • API String ID: 1147213928-0
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • CertGetCertificateChain.CRYPT32 ref: 00007FF674B3A4C6
              • CertFreeCertificateChain.CRYPT32 ref: 00007FF674B3A5B5
                • Part of subcall function 00007FF674B27724: InitOnceExecuteOnce.KERNEL32(?,?,?,?,00007FF674B2CBF9), ref: 00007FF674B2773C
              • CertVerifyCertificateChainPolicy.CRYPT32 ref: 00007FF674B3A528
                • Part of subcall function 00007FF674B34020: #796.IERTUTIL ref: 00007FF674B340C6
              • CertVerifyCertificateChainPolicy.CRYPT32 ref: 00007FF674B3A55B
              Memory Dump Source
              • Source File: 00000000.00000002.2099260182.00007FF674B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF674B20000, based on PE: true
              • Associated: 00000000.00000002.2099242774.00007FF674B20000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099286845.00007FF674B4E000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099313401.00007FF674B5E000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099334936.00007FF674B60000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099334936.00007FF674B63000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ff674b20000_ie4uinit.jbxd
              Similarity
              • API ID: CertCertificateChain$OncePolicyVerify$#796ExecuteFreeInit
              • String ID:
              • API String ID: 2876893052-0
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              Memory Dump Source
              • Source File: 00000000.00000002.2099260182.00007FF674B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF674B20000, based on PE: true
              • Associated: 00000000.00000002.2099242774.00007FF674B20000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099286845.00007FF674B4E000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099313401.00007FF674B5E000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099334936.00007FF674B60000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099334936.00007FF674B63000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ff674b20000_ie4uinit.jbxd
              Similarity
              • API ID: Heap$#654#677FreeProcess
              • String ID:
              • API String ID: 3027164600-0
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2099260182.00007FF674B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF674B20000, based on PE: true
              • Associated: 00000000.00000002.2099242774.00007FF674B20000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099286845.00007FF674B4E000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099313401.00007FF674B5E000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099334936.00007FF674B60000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099334936.00007FF674B63000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ff674b20000_ie4uinit.jbxd
              Similarity
              • API ID: Heap$Process$Alloc
              • String ID: P
              • API String ID: 651230671-3110715001
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              Memory Dump Source
              • Source File: 00000000.00000002.2099260182.00007FF674B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF674B20000, based on PE: true
              • Associated: 00000000.00000002.2099242774.00007FF674B20000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099286845.00007FF674B4E000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099313401.00007FF674B5E000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099334936.00007FF674B60000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099334936.00007FF674B63000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ff674b20000_ie4uinit.jbxd
              Similarity
              • API ID: CopyVariant
              • String ID:
              • API String ID: 3840901598-0
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              Memory Dump Source
              • Source File: 00000000.00000002.2099260182.00007FF674B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF674B20000, based on PE: true
              • Associated: 00000000.00000002.2099242774.00007FF674B20000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099286845.00007FF674B4E000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099313401.00007FF674B5E000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099334936.00007FF674B60000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099334936.00007FF674B63000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ff674b20000_ie4uinit.jbxd
              Similarity
              • API ID: String$Free$Allocmemset
              • String ID:
              • API String ID: 1001048240-0
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
                • Part of subcall function 00007FF674B45880: AcquireSRWLockExclusive.KERNEL32(?,?,?,00007FF674B4538E), ref: 00007FF674B458DF
                • Part of subcall function 00007FF674B45880: ReleaseSRWLockExclusive.KERNEL32(?,?,?,00007FF674B4538E), ref: 00007FF674B45903
              • AcquireSRWLockExclusive.KERNEL32 ref: 00007FF674B453C9
              • ReleaseSRWLockExclusive.KERNEL32 ref: 00007FF674B4541D
              • AcquireSRWLockExclusive.KERNEL32 ref: 00007FF674B45462
              • ReleaseSRWLockExclusive.KERNEL32 ref: 00007FF674B4547E
              Memory Dump Source
              • Source File: 00000000.00000002.2099260182.00007FF674B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF674B20000, based on PE: true
              • Associated: 00000000.00000002.2099242774.00007FF674B20000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099286845.00007FF674B4E000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099313401.00007FF674B5E000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099334936.00007FF674B60000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099334936.00007FF674B63000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ff674b20000_ie4uinit.jbxd
              Similarity
              • API ID: ExclusiveLock$AcquireRelease
              • String ID:
              • API String ID: 17069307-0
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              Memory Dump Source
              • Source File: 00000000.00000002.2099260182.00007FF674B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF674B20000, based on PE: true
              • Associated: 00000000.00000002.2099242774.00007FF674B20000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099286845.00007FF674B4E000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099313401.00007FF674B5E000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099334936.00007FF674B60000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099334936.00007FF674B63000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ff674b20000_ie4uinit.jbxd
              Similarity
              • API ID: #134#791CreateErrorFileLast
              • String ID:
              • API String ID: 3111463030-0
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              Memory Dump Source
              • Source File: 00000000.00000002.2099260182.00007FF674B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF674B20000, based on PE: true
              • Associated: 00000000.00000002.2099242774.00007FF674B20000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099286845.00007FF674B4E000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099313401.00007FF674B5E000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099334936.00007FF674B60000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099334936.00007FF674B63000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ff674b20000_ie4uinit.jbxd
              Similarity
              • API ID: ExclusiveLock$AcquireRelease
              • String ID:
              • API String ID: 17069307-0
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              Memory Dump Source
              • Source File: 00000000.00000002.2099260182.00007FF674B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF674B20000, based on PE: true
              • Associated: 00000000.00000002.2099242774.00007FF674B20000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099286845.00007FF674B4E000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099313401.00007FF674B5E000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099334936.00007FF674B60000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099334936.00007FF674B63000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ff674b20000_ie4uinit.jbxd
              Similarity
              • API ID: CaptureContextEntryFunctionLookupUnwindVirtual__raise_securityfailure
              • String ID:
              • API String ID: 140117192-0
              Uniqueness

              Uniqueness Score: -1.00%

              Memory Dump Source
              • Source File: 00000000.00000002.2099260182.00007FF674B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF674B20000, based on PE: true
              • Associated: 00000000.00000002.2099242774.00007FF674B20000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099286845.00007FF674B4E000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099313401.00007FF674B5E000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099334936.00007FF674B60000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099334936.00007FF674B63000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ff674b20000_ie4uinit.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
                • Part of subcall function 00007FF674B3E480: SetFilePointer.KERNEL32(?,?,00000000,00007FF674B3ED3A), ref: 00007FF674B3E48E
                • Part of subcall function 00007FF674B3E480: GetLastError.KERNEL32(?,?,00000000,00007FF674B3ED3A), ref: 00007FF674B3E4A1
                • Part of subcall function 00007FF674B3E480: GetLastError.KERNEL32(?,?,00000000,00007FF674B3ED3A), ref: 00007FF674B3E4BB
              • ReadFile.KERNEL32 ref: 00007FF674B3ED60
              • GetLastError.KERNEL32 ref: 00007FF674B3ED86
              • GetLastError.KERNEL32 ref: 00007FF674B3EDA0
              Memory Dump Source
              • Source File: 00000000.00000002.2099260182.00007FF674B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF674B20000, based on PE: true
              • Associated: 00000000.00000002.2099242774.00007FF674B20000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099286845.00007FF674B4E000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099313401.00007FF674B5E000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099334936.00007FF674B60000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099334936.00007FF674B63000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ff674b20000_ie4uinit.jbxd
              Similarity
              • API ID: ErrorLast$File$PointerRead
              • String ID:
              • API String ID: 839530781-0
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • CreateThreadpoolTimer.KERNEL32 ref: 00007FF674B45967
              • GetLastError.KERNEL32(?,?,?,00007FF674B45476), ref: 00007FF674B4597F
                • Part of subcall function 00007FF674B471FC: SetThreadpoolTimer.KERNEL32(?,?,00007FF674B458B3,00007FF674B46EEC), ref: 00007FF674B4720D
                • Part of subcall function 00007FF674B471FC: WaitForThreadpoolTimerCallbacks.KERNEL32(?,?,00007FF674B458B3,00007FF674B46EEC), ref: 00007FF674B47221
              • SetLastError.KERNEL32(?,?,?,00007FF674B45476), ref: 00007FF674B45997
              • SetThreadpoolTimer.KERNEL32(?,?,?,00007FF674B45476), ref: 00007FF674B459CC
              Memory Dump Source
              • Source File: 00000000.00000002.2099260182.00007FF674B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF674B20000, based on PE: true
              • Associated: 00000000.00000002.2099242774.00007FF674B20000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099286845.00007FF674B4E000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099313401.00007FF674B5E000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099334936.00007FF674B60000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099334936.00007FF674B63000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ff674b20000_ie4uinit.jbxd
              Similarity
              • API ID: ThreadpoolTimer$ErrorLast$CallbacksCreateWait
              • String ID:
              • API String ID: 1675045912-0
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              Memory Dump Source
              • Source File: 00000000.00000002.2099260182.00007FF674B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF674B20000, based on PE: true
              • Associated: 00000000.00000002.2099242774.00007FF674B20000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099286845.00007FF674B4E000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099313401.00007FF674B5E000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099334936.00007FF674B60000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099334936.00007FF674B63000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ff674b20000_ie4uinit.jbxd
              Similarity
              • API ID: CaptureContextEntryFunctionLookupUnwindVirtual__raise_securityfailure
              • String ID:
              • API String ID: 140117192-0
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              Memory Dump Source
              • Source File: 00000000.00000002.2099260182.00007FF674B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF674B20000, based on PE: true
              • Associated: 00000000.00000002.2099242774.00007FF674B20000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099286845.00007FF674B4E000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099313401.00007FF674B5E000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099334936.00007FF674B60000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099334936.00007FF674B63000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ff674b20000_ie4uinit.jbxd
              Similarity
              • API ID: Heap$#650#678FreeProcess
              • String ID:
              • API String ID: 315297358-0
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • FlushViewOfFile.KERNEL32(?,?,80070000,00007FF674B3D8C7,?,?,?,?,?,?,00000000,00007FF674B3DF82), ref: 00007FF674B40831
              • GetLastError.KERNEL32(?,?,80070000,00007FF674B3D8C7,?,?,?,?,?,?,00000000,00007FF674B3DF82), ref: 00007FF674B40841
              • GetLastError.KERNEL32(?,?,80070000,00007FF674B3D8C7,?,?,?,?,?,?,00000000,00007FF674B3DF82), ref: 00007FF674B4085B
              Memory Dump Source
              • Source File: 00000000.00000002.2099260182.00007FF674B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF674B20000, based on PE: true
              • Associated: 00000000.00000002.2099242774.00007FF674B20000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099286845.00007FF674B4E000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099313401.00007FF674B5E000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099334936.00007FF674B60000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099334936.00007FF674B63000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ff674b20000_ie4uinit.jbxd
              Similarity
              • API ID: ErrorLast$FileFlushView
              • String ID:
              • API String ID: 1289402859-0
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              Memory Dump Source
              • Source File: 00000000.00000002.2099260182.00007FF674B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF674B20000, based on PE: true
              • Associated: 00000000.00000002.2099242774.00007FF674B20000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099286845.00007FF674B4E000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099313401.00007FF674B5E000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099334936.00007FF674B60000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099334936.00007FF674B63000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ff674b20000_ie4uinit.jbxd
              Similarity
              • API ID: ErrorLast$ItemQueueUserWork
              • String ID:
              • API String ID: 3747073370-0
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              Memory Dump Source
              • Source File: 00000000.00000002.2099260182.00007FF674B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF674B20000, based on PE: true
              • Associated: 00000000.00000002.2099242774.00007FF674B20000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099286845.00007FF674B4E000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099313401.00007FF674B5E000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099334936.00007FF674B60000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099334936.00007FF674B63000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ff674b20000_ie4uinit.jbxd
              Similarity
              • API ID: ClearVariant$FreeTask
              • String ID:
              • API String ID: 3803759766-0
              • Opcode ID: 083de675bfa0179a80c6382cde0368a67dd493d6665bec70bbd47de38c26da8b
              • Instruction ID: 3d762adc9102db66fd4e762580a2a15a1b4a0bda3840b9e79efda4253e6dbdb5
              • Opcode Fuzzy Hash: 083de675bfa0179a80c6382cde0368a67dd493d6665bec70bbd47de38c26da8b
              • Instruction Fuzzy Hash: 3B11BF33A19A82C6DA009F19E494179B774FB8AF94F544231DB4E43395CF3CE956C740
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              Memory Dump Source
              • Source File: 00000000.00000002.2099260182.00007FF674B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF674B20000, based on PE: true
              • Associated: 00000000.00000002.2099242774.00007FF674B20000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099286845.00007FF674B4E000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099313401.00007FF674B5E000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099334936.00007FF674B60000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099334936.00007FF674B63000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ff674b20000_ie4uinit.jbxd
              Similarity
              • API ID: CriticalExclusiveLockSection$AcquireEnterLeaveRelease
              • String ID:
              • API String ID: 1115728412-0
              • Opcode ID: 2740da7edc5023f3013e369249ed16852eadfd8aed36f7a2680fd41db22fe8c1
              • Instruction ID: 45a6de75c0ec357c4979a177c6192e3a1679c48a732bddba5df7793672dd01b2
              • Opcode Fuzzy Hash: 2740da7edc5023f3013e369249ed16852eadfd8aed36f7a2680fd41db22fe8c1
              • Instruction Fuzzy Hash: F0015263A28B82C3EE148B59A598179B760FB9FFD57189131DE4E43714DF3CE8918700
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              Memory Dump Source
              • Source File: 00000000.00000002.2099260182.00007FF674B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF674B20000, based on PE: true
              • Associated: 00000000.00000002.2099242774.00007FF674B20000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099286845.00007FF674B4E000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099313401.00007FF674B5E000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099334936.00007FF674B60000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099334936.00007FF674B63000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ff674b20000_ie4uinit.jbxd
              Similarity
              • API ID: ErrorLast$FilePointer
              • String ID:
              • API String ID: 1156039329-0
              • Opcode ID: 2caabb295391575067a7288c4f57014de3cc3fa88c705d19cfaf46bc14124aa6
              • Instruction ID: 709d28cdcefa0bbd7b5630441e4763484260f86b8811291922088b44df44c44b
              • Opcode Fuzzy Hash: 2caabb295391575067a7288c4f57014de3cc3fa88c705d19cfaf46bc14124aa6
              • Instruction Fuzzy Hash: 4EF03C22B24A42CBF7142B7A98D93797AD0AF8FF51F549538CA1AC3690DE2CDC495610
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              Memory Dump Source
              • Source File: 00000000.00000002.2099260182.00007FF674B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF674B20000, based on PE: true
              • Associated: 00000000.00000002.2099242774.00007FF674B20000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099286845.00007FF674B4E000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099313401.00007FF674B5E000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099334936.00007FF674B60000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099334936.00007FF674B63000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ff674b20000_ie4uinit.jbxd
              Similarity
              • API ID: ErrorLast$MutexRelease
              • String ID:
              • API String ID: 3084565237-0
              • Opcode ID: f121569b6cc66ea61df892c088d04e2cd5a96ee013e412c85f6b2c4345931e00
              • Instruction ID: c94743f8d5c5899df4d1db69b6a5d006f6c6a6362a6e8e7d81705fc7daa2a5b8
              • Opcode Fuzzy Hash: f121569b6cc66ea61df892c088d04e2cd5a96ee013e412c85f6b2c4345931e00
              • Instruction Fuzzy Hash: 1DF04423B14E42CBE7001FBAA8D8279BAE4FF8EF85B959134C60AC3214DF2CDC444610
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
                • Part of subcall function 00007FF674B2AB18: LocalFree.KERNEL32 ref: 00007FF674B2AD46
              • SHCreateDirectory.SHELL32 ref: 00007FF674B24C3D
                • Part of subcall function 00007FF674B245D0: GetShortPathNameW.KERNEL32 ref: 00007FF674B24622
                • Part of subcall function 00007FF674B245D0: GetShortPathNameW.KERNEL32 ref: 00007FF674B24672
                • Part of subcall function 00007FF674B245D0: PathFindFileNameW.SHLWAPI(?,00000000,?,00000000,00000001,00000000,-000009FE,00007FF674B24D12), ref: 00007FF674B24687
                • Part of subcall function 00007FF674B245D0: GetCurrentDirectoryW.KERNEL32(?,00000000,?,00000000,00000001,00000000,-000009FE,00007FF674B24D12), ref: 00007FF674B246B6
                • Part of subcall function 00007FF674B245D0: SetCurrentDirectoryW.KERNEL32(?,00000000,?,00000000,00000001,00000000,-000009FE,00007FF674B24D12), ref: 00007FF674B246CD
                • Part of subcall function 00007FF674B245D0: FindFirstFileW.KERNEL32(?,00000000,?,00000000,00000001,00000000,-000009FE,00007FF674B24D12), ref: 00007FF674B246ED
                • Part of subcall function 00007FF674B245D0: CoCreateInstance.OLE32(?,00000000,?,00000000,00000001,00000000,-000009FE,00007FF674B24D12), ref: 00007FF674B24724
                • Part of subcall function 00007FF674B245D0: StrCmpIW.SHLWAPI(?,00000000,?,00000000,00000001,00000000,-000009FE,00007FF674B24D12), ref: 00007FF674B247B4
                • Part of subcall function 00007FF674B245D0: StrCmpIW.SHLWAPI(?,00000000,?,00000000,00000001,00000000,-000009FE,00007FF674B24D12), ref: 00007FF674B247E0
                • Part of subcall function 00007FF674B245D0: PathRemoveBlanksW.SHLWAPI(?,00000000,?,00000000,00000001,00000000,-000009FE,00007FF674B24D12), ref: 00007FF674B2481E
                • Part of subcall function 00007FF674B245D0: StrCmpICW.SHLWAPI(?,00000000,?,00000000,00000001,00000000,-000009FE,00007FF674B24D12), ref: 00007FF674B24842
                • Part of subcall function 00007FF674B245D0: StrCmpICW.SHLWAPI(?,00000000,?,00000000,00000001,00000000,-000009FE,00007FF674B24D12), ref: 00007FF674B24860
                • Part of subcall function 00007FF674B245D0: FindNextFileW.KERNEL32(?,00000000,?,00000000,00000001,00000000,-000009FE,00007FF674B24D12), ref: 00007FF674B249CC
                • Part of subcall function 00007FF674B245D0: FindClose.KERNEL32(?,00000000,?,00000000,00000001,00000000,-000009FE,00007FF674B24D12), ref: 00007FF674B24A07
                • Part of subcall function 00007FF674B245D0: FindFirstFileExW.KERNEL32(?,00000000,?,00000000,00000001,00000000,-000009FE,00007FF674B24D12), ref: 00007FF674B24A68
                • Part of subcall function 00007FF674B245D0: lstrcmpW.KERNEL32(?,00000000,?,00000000,00000001,00000000,-000009FE,00007FF674B24D12), ref: 00007FF674B24A8C
                • Part of subcall function 00007FF674B245D0: lstrcmpW.KERNEL32(?,00000000,?,00000000,00000001,00000000,-000009FE,00007FF674B24D12), ref: 00007FF674B24AA7
              • PathFileExistsW.SHLWAPI ref: 00007FF674B24C98
                • Part of subcall function 00007FF674B2A334: wcschr.MSVCRT ref: 00007FF674B2A39C
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2099260182.00007FF674B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF674B20000, based on PE: true
              • Associated: 00000000.00000002.2099242774.00007FF674B20000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099286845.00007FF674B4E000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099313401.00007FF674B5E000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099334936.00007FF674B60000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099334936.00007FF674B63000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ff674b20000_ie4uinit.jbxd
              Similarity
              • API ID: FileFindPath$DirectoryName$CreateCurrentFirstShortlstrcmp$BlanksCloseExistsFreeInstanceLocalNextRemovewcschrwcsncmp
              • String ID: -extoff
              • API String ID: 3822344381-2466603806
              • Opcode ID: c74820fcb4a2a2f93b487c8b1967546ce1afa3201c7d9fbf7e440289c26192ec
              • Instruction ID: 60b564681767fc18897dcc4085bb4b1783cd5eab87dc1fcb2cdb3d8deca0fc65
              • Opcode Fuzzy Hash: c74820fcb4a2a2f93b487c8b1967546ce1afa3201c7d9fbf7e440289c26192ec
              • Instruction Fuzzy Hash: E7418333B24A82D6E721DF60D8896EA6764FB8AB84F405032DE4D97A95DF38DA05C740
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
                • Part of subcall function 00007FF674B21918: GetProcessHeap.KERNEL32 ref: 00007FF674B21921
                • Part of subcall function 00007FF674B21918: HeapAlloc.KERNEL32 ref: 00007FF674B21938
              • SysFreeString.OLEAUT32 ref: 00007FF674B2F8F7
              • SysAllocString.OLEAUT32 ref: 00007FF674B2F906
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2099260182.00007FF674B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF674B20000, based on PE: true
              • Associated: 00000000.00000002.2099242774.00007FF674B20000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099286845.00007FF674B4E000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099313401.00007FF674B5E000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099334936.00007FF674B60000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099334936.00007FF674B63000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ff674b20000_ie4uinit.jbxd
              Similarity
              • API ID: AllocHeapString$FreeProcess
              • String ID: UE00
              • API String ID: 1731201402-1381591544
              • Opcode ID: 17f6459c08468355882be02e51cb817c036a6b031ab243b14968363aebf39485
              • Instruction ID: f601c57b8f3f14d9b4eeb56b4f711614337ca03ddc5dc2b334c8613e64450f7d
              • Opcode Fuzzy Hash: 17f6459c08468355882be02e51cb817c036a6b031ab243b14968363aebf39485
              • Instruction Fuzzy Hash: 4B312573A18B46C2EB54CB25E498369A7A0FB9AF88F154135CA4C87794DF3CE985C780
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2099260182.00007FF674B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF674B20000, based on PE: true
              • Associated: 00000000.00000002.2099242774.00007FF674B20000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099286845.00007FF674B4E000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099313401.00007FF674B5E000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099334936.00007FF674B60000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099334936.00007FF674B63000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ff674b20000_ie4uinit.jbxd
              Similarity
              • API ID: FreeString
              • String ID: dsp$https://ieonline.microsoft.com/EUPP/v1/service?action=downloadcert&appid=Microsoft_IE_EUPP
              • API String ID: 3341692771-2070162375
              • Opcode ID: ea82bb1b2e86758c26f27e03943679567735807967125d430fb171332bbd3d41
              • Instruction ID: 16492d48140288849c4abe4938f8a96f9e0df671cac4d40e7a1031f52016e670
              • Opcode Fuzzy Hash: ea82bb1b2e86758c26f27e03943679567735807967125d430fb171332bbd3d41
              • Instruction Fuzzy Hash: 0A213233A28B81C3E720CB11E8887AAB360F786B95F654135E68D87A58DF7DDC45CB00
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • SysAllocString.OLEAUT32 ref: 00007FF674B2FCEC
                • Part of subcall function 00007FF674B2163C: SysStringLen.OLEAUT32 ref: 00007FF674B21654
                • Part of subcall function 00007FF674B2163C: VarBstrCat.OLEAUT32 ref: 00007FF674B21676
                • Part of subcall function 00007FF674B2163C: SysFreeString.OLEAUT32 ref: 00007FF674B2168B
              • SysFreeString.OLEAUT32 ref: 00007FF674B2FD67
                • Part of subcall function 00007FF674B303C4: StrCmpICW.SHLWAPI ref: 00007FF674B303EB
                • Part of subcall function 00007FF674B303C4: StrCmpICW.SHLWAPI ref: 00007FF674B30402
                • Part of subcall function 00007FF674B303C4: StrCmpICW.SHLWAPI ref: 00007FF674B30419
                • Part of subcall function 00007FF674B303C4: StrCmpICW.SHLWAPI ref: 00007FF674B30430
                • Part of subcall function 00007FF674B303C4: StrCmpICW.SHLWAPI ref: 00007FF674B30447
                • Part of subcall function 00007FF674B303C4: StrCmpICW.SHLWAPI ref: 00007FF674B3045A
                • Part of subcall function 00007FF674B303C4: StrCmpICW.SHLWAPI ref: 00007FF674B3046D
                • Part of subcall function 00007FF674B303C4: StrCmpICW.SHLWAPI ref: 00007FF674B30480
                • Part of subcall function 00007FF674B303C4: SysFreeString.OLEAUT32 ref: 00007FF674B30554
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2099260182.00007FF674B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF674B20000, based on PE: true
              • Associated: 00000000.00000002.2099242774.00007FF674B20000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099286845.00007FF674B4E000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099313401.00007FF674B5E000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099334936.00007FF674B60000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099334936.00007FF674B63000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ff674b20000_ie4uinit.jbxd
              Similarity
              • API ID: String$Free$AllocBstr
              • String ID: &pc=
              • API String ID: 3761010647-3864277979
              • Opcode ID: 495250f1939ba078fde6df1210045a948100059ffbccb603cf9ed9970849383b
              • Instruction ID: 1aab803b0e4902ccc23b1fd5ab200c58c83aad4592416e5026252e2ab2440834
              • Opcode Fuzzy Hash: 495250f1939ba078fde6df1210045a948100059ffbccb603cf9ed9970849383b
              • Instruction Fuzzy Hash: 1D112B27728A46C2EA00DB69E4D8279A760FF8AF80F544032DB4D87B65DF7DE845C700
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • SHGetFolderPathW.SHELL32 ref: 00007FF674B2647C
                • Part of subcall function 00007FF674B2AD88: wcsncmp.MSVCRT(?,?,?,?,00000000,00007FF674B3D7D9), ref: 00007FF674B2ADB9
              • SHCreateDirectoryExW.SHELL32 ref: 00007FF674B264BD
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2099260182.00007FF674B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF674B20000, based on PE: true
              • Associated: 00000000.00000002.2099242774.00007FF674B20000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099286845.00007FF674B4E000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099313401.00007FF674B5E000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099334936.00007FF674B60000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099334936.00007FF674B63000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ff674b20000_ie4uinit.jbxd
              Similarity
              • API ID: CreateDirectoryFolderPathwcsncmp
              • String ID: Microsoft\Internet Explorer
              • API String ID: 3141627564-1876886251
              • Opcode ID: 1c2af6220a707ccd682d11e67623f8456c1b84ebb8a8ad24e50317dee8785dd5
              • Instruction ID: 2631bf3a8208af7c8bd2365398a409e96d75c7f04ce87376681d735493fc3972
              • Opcode Fuzzy Hash: 1c2af6220a707ccd682d11e67623f8456c1b84ebb8a8ad24e50317dee8785dd5
              • Instruction Fuzzy Hash: 63119B22738B82C2FB64DB29A89937AA650EF8AFC4F445035DD5EC2785CE3CE8058600
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2099260182.00007FF674B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF674B20000, based on PE: true
              • Associated: 00000000.00000002.2099242774.00007FF674B20000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099286845.00007FF674B4E000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099313401.00007FF674B5E000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099334936.00007FF674B60000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099334936.00007FF674B63000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ff674b20000_ie4uinit.jbxd
              Similarity
              • API ID: CreateFreeInstanceTask
              • String ID: StartMenuInternet
              • API String ID: 1992417041-1263441292
              • Opcode ID: 65c8765938c7bb8866d2c749a4acafbd5c50305eb6919e8ef7d4a0c0e61d20e9
              • Instruction ID: 172c8b4fc38ebeaf97f94ecd96a02d5e005bc4665b3a53e1ff6eb58b3edc49a1
              • Opcode Fuzzy Hash: 65c8765938c7bb8866d2c749a4acafbd5c50305eb6919e8ef7d4a0c0e61d20e9
              • Instruction Fuzzy Hash: 0211E727628B55C2EB408F16E4C8169B7B4FB8AF80B658135CA5D83764DE3ED885C700
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
                • Part of subcall function 00007FF674B21574: _vsnwprintf.MSVCRT ref: 00007FF674B215B4
              • ConvertStringSecurityDescriptorToSecurityDescriptorW.ADVAPI32 ref: 00007FF674B494B0
              • GetLastError.KERNEL32 ref: 00007FF674B494C0
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2099260182.00007FF674B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF674B20000, based on PE: true
              • Associated: 00000000.00000002.2099242774.00007FF674B20000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099286845.00007FF674B4E000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099313401.00007FF674B5E000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099334936.00007FF674B60000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099334936.00007FF674B63000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ff674b20000_ie4uinit.jbxd
              Similarity
              • API ID: DescriptorSecurity$ConvertErrorLastString_vsnwprintf
              • String ID: D:(A;;GA;;;SY)(A;;0x%x;;;%s)S:(ML;;1;;;LW)
              • API String ID: 3097636412-633327700
              • Opcode ID: 32a868900130f10a07f37e7b23fbb0cfe4507fe9e9fc30f5f8502ae82d30c165
              • Instruction ID: 0674c26a59bf338a14e321a716d90e73191d3506e06bf001e9a85b0b2e7a9af8
              • Opcode Fuzzy Hash: 32a868900130f10a07f37e7b23fbb0cfe4507fe9e9fc30f5f8502ae82d30c165
              • Instruction Fuzzy Hash: 2911A532718B82C7E7609B69E4D83A672D0FB8AB84F404131DA4DC7655DF3CD504C700
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • #74.IERTUTIL(?,?,00000000,00007FF674B2F241,?,?,00000000,00007FF674B2F16B), ref: 00007FF674B352B2
              • CreateMutexW.KERNEL32(?,?,00000000,00007FF674B2F241,?,?,00000000,00007FF674B2F16B), ref: 00007FF674B352D8
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2099260182.00007FF674B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF674B20000, based on PE: true
              • Associated: 00000000.00000002.2099242774.00007FF674B20000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099286845.00007FF674B4E000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099313401.00007FF674B5E000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099334936.00007FF674B60000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099334936.00007FF674B63000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ff674b20000_ie4uinit.jbxd
              Similarity
              • API ID: CreateMutex
              • String ID: {5312EE61-79E3-4A24-BFE1-132B85B23C3A}
              • API String ID: 1964310414-3805012793
              • Opcode ID: 7ca0a33b2076965cf598197e6da4bd3776b2a59d60b31e521d2ef4472e6c764b
              • Instruction ID: 4c47a30eeaf6b478f12c3f3355189e85f25904bdf5c3e9e40824824a8ffac6fb
              • Opcode Fuzzy Hash: 7ca0a33b2076965cf598197e6da4bd3776b2a59d60b31e521d2ef4472e6c764b
              • Instruction Fuzzy Hash: 94F01C33615B85D7D7088FA5F984069B6A1FB49B40785C439DA0E83314DF38E8A4C704
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
                • Part of subcall function 00007FF674B266E8: GetLocalTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF674B21A63), ref: 00007FF674B26721
                • Part of subcall function 00007FF674B266E8: FormatMessageW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF674B21A63), ref: 00007FF674B26799
                • Part of subcall function 00007FF674B266E8: PostThreadMessageW.USER32 ref: 00007FF674B267B9
              • CoInitializeEx.OLE32 ref: 00007FF674B22AFE
                • Part of subcall function 00007FF674B27D24: RegOpenKeyExW.ADVAPI32(?,?,?,?,?,00007FF674B22B13), ref: 00007FF674B27D69
                • Part of subcall function 00007FF674B27D24: RegQueryValueExW.ADVAPI32(?,?,?,?,?,00007FF674B22B13), ref: 00007FF674B27D94
                • Part of subcall function 00007FF674B27D24: RegCloseKey.ADVAPI32(?,?,?,?,?,00007FF674B22B13), ref: 00007FF674B27DB2
                • Part of subcall function 00007FF674B27D24: RegOpenKeyExW.ADVAPI32(?,?,?,?,?,00007FF674B22B13), ref: 00007FF674B27DF2
                • Part of subcall function 00007FF674B27D24: RegQueryValueExW.ADVAPI32 ref: 00007FF674B27E2C
                • Part of subcall function 00007FF674B27D24: RegCloseKey.ADVAPI32 ref: 00007FF674B27E50
                • Part of subcall function 00007FF674B2607C: CoInitializeEx.OLE32(?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF674B22A2C), ref: 00007FF674B260CC
                • Part of subcall function 00007FF674B2607C: RegOpenKeyExW.ADVAPI32 ref: 00007FF674B262B2
              • CoUninitialize.OLE32 ref: 00007FF674B22B20
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.2099260182.00007FF674B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF674B20000, based on PE: true
              • Associated: 00000000.00000002.2099242774.00007FF674B20000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099286845.00007FF674B4E000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099313401.00007FF674B5E000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099334936.00007FF674B60000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099334936.00007FF674B63000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ff674b20000_ie4uinit.jbxd
              Similarity
              • API ID: Open$CloseInitializeMessageQueryValue$FormatLocalPostThreadTimeUninitialize
              • String ID: In CmdApplySpadSettingsDuringMigration
              • API String ID: 2480159940-3820774719
              • Opcode ID: 4174367b1b6ce160e34bf50ea1cbdb3962c900a571d6c64543995f93222ddfab
              • Instruction ID: ce68a50f41c62e1abeaa1e1fe0419771f0fde7324b407cfd98e809d61ec5cd91
              • Opcode Fuzzy Hash: 4174367b1b6ce160e34bf50ea1cbdb3962c900a571d6c64543995f93222ddfab
              • Instruction Fuzzy Hash: F1E0C922A28502C6E705AB31E8891B9E6A1EF8BF41F848175C10EC21A1DE2DED86C600
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              Memory Dump Source
              • Source File: 00000000.00000002.2099260182.00007FF674B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF674B20000, based on PE: true
              • Associated: 00000000.00000002.2099242774.00007FF674B20000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099286845.00007FF674B4E000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099313401.00007FF674B5E000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099334936.00007FF674B60000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099334936.00007FF674B63000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ff674b20000_ie4uinit.jbxd
              Similarity
              • API ID: Heap$FreeProcess
              • String ID:
              • API String ID: 3859560861-0
              • Opcode ID: f997c205010fc288fd5a0b7228d4dcfc87ea2b7f868bf142573f121389f65ca2
              • Instruction ID: 31957668dd7b617868b6b591f23ab7d5cec0e23418f6d52680bb59ed3e0082ca
              • Opcode Fuzzy Hash: f997c205010fc288fd5a0b7228d4dcfc87ea2b7f868bf142573f121389f65ca2
              • Instruction Fuzzy Hash: F5B17E37A18B91C9EB10CFA9E4841AD77B0FB4AB88F144125EE8C57B59DF78D865C700
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              Memory Dump Source
              • Source File: 00000000.00000002.2099260182.00007FF674B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF674B20000, based on PE: true
              • Associated: 00000000.00000002.2099242774.00007FF674B20000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099286845.00007FF674B4E000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099313401.00007FF674B5E000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099334936.00007FF674B60000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099334936.00007FF674B63000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ff674b20000_ie4uinit.jbxd
              Similarity
              • API ID: Heap$FreeProcess$memmove_s
              • String ID:
              • API String ID: 2685253353-0
              • Opcode ID: 9f2f6f9ad99aa444c833984ef1cebe2f90c4001b7b8e9d91fe6567ba2f5a6c7a
              • Instruction ID: 2470a22a66e0053a32ae65f7fa55113586847925f0dde1380dc583cfb2391825
              • Opcode Fuzzy Hash: 9f2f6f9ad99aa444c833984ef1cebe2f90c4001b7b8e9d91fe6567ba2f5a6c7a
              • Instruction Fuzzy Hash: D941C133A28B81C6EB509F2AA4886A9B7A1FB8BFC4F549131DE4C53755CF38D895C300
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              Memory Dump Source
              • Source File: 00000000.00000002.2099260182.00007FF674B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF674B20000, based on PE: true
              • Associated: 00000000.00000002.2099242774.00007FF674B20000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099286845.00007FF674B4E000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099313401.00007FF674B5E000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099334936.00007FF674B60000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099334936.00007FF674B63000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ff674b20000_ie4uinit.jbxd
              Similarity
              • API ID: Heap$FreeProcess
              • String ID:
              • API String ID: 3859560861-0
              • Opcode ID: ca1b178f4e981ad6c83a3b974d5f4151b27e41fa69016bcf32e1961a2c0f62a6
              • Instruction ID: 4b342cf05d01972b0f174fcfd74d5a6e8b29e134d8960d2cfe321ed7255668d4
              • Opcode Fuzzy Hash: ca1b178f4e981ad6c83a3b974d5f4151b27e41fa69016bcf32e1961a2c0f62a6
              • Instruction Fuzzy Hash: 26315A27A14F94CAD3418F29A550269BB70F79AF94F18A224CF8C27715DF34E4E6C740
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              Memory Dump Source
              • Source File: 00000000.00000002.2099260182.00007FF674B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF674B20000, based on PE: true
              • Associated: 00000000.00000002.2099242774.00007FF674B20000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099286845.00007FF674B4E000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099313401.00007FF674B5E000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099334936.00007FF674B60000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099334936.00007FF674B63000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ff674b20000_ie4uinit.jbxd
              Similarity
              • API ID: ErrorLast$ByteCharMultiWide
              • String ID:
              • API String ID: 3361762293-0
              • Opcode ID: b4f58859e37be3f3b7ad670dfdef44e1a5b743730d720ea0daa23d3b524f62fa
              • Instruction ID: 781bb11086b64758ed81271b1f8dc82a6c2835d159692a7332e280b33a8fa3bd
              • Opcode Fuzzy Hash: b4f58859e37be3f3b7ad670dfdef44e1a5b743730d720ea0daa23d3b524f62fa
              • Instruction Fuzzy Hash: 60118273B18B82CAE7104B69A898239A6E1FF8AFC4B548634CB4DC3354DF3CD8149704
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              Memory Dump Source
              • Source File: 00000000.00000002.2099260182.00007FF674B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF674B20000, based on PE: true
              • Associated: 00000000.00000002.2099242774.00007FF674B20000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099286845.00007FF674B4E000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099313401.00007FF674B5E000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099334936.00007FF674B60000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099334936.00007FF674B63000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ff674b20000_ie4uinit.jbxd
              Similarity
              • API ID: Heap$FreeProcess
              • String ID:
              • API String ID: 3859560861-0
              • Opcode ID: e6166cf67018527b7d24403ca42b15034a47335c61b1ee02af31a56968c68bc2
              • Instruction ID: 8692ad10ae9c73504c4e4650e1cd5566985c3f12bac954d60de908892c2874d5
              • Opcode Fuzzy Hash: e6166cf67018527b7d24403ca42b15034a47335c61b1ee02af31a56968c68bc2
              • Instruction Fuzzy Hash: 1D110636A14B51C7EB008F66F5440ADBBA0FB8AF94B598125DB8E47718DF38E896C740
              Uniqueness

              Uniqueness Score: -1.00%

              APIs
              • GetProcessHeap.KERNEL32(?,?,00000000,00007FF674B3440C,?,?,00000001,00007FF674B3424C), ref: 00007FF674B3444D
              • HeapFree.KERNEL32(?,?,00000000,00007FF674B3440C,?,?,00000001,00007FF674B3424C), ref: 00007FF674B34461
              • GetProcessHeap.KERNEL32(?,?,00000000,00007FF674B3440C,?,?,00000001,00007FF674B3424C), ref: 00007FF674B3447C
              • HeapFree.KERNEL32(?,?,00000000,00007FF674B3440C,?,?,00000001,00007FF674B3424C), ref: 00007FF674B34490
              Memory Dump Source
              • Source File: 00000000.00000002.2099260182.00007FF674B21000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF674B20000, based on PE: true
              • Associated: 00000000.00000002.2099242774.00007FF674B20000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099286845.00007FF674B4E000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099313401.00007FF674B5E000.00000004.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099334936.00007FF674B60000.00000002.00000001.01000000.00000003.sdmp
              • Associated: 00000000.00000002.2099334936.00007FF674B63000.00000002.00000001.01000000.00000003.sdmp
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ff674b20000_ie4uinit.jbxd
              Similarity
              • API ID: Heap$FreeProcess
              • String ID:
              • API String ID: 3859560861-0
              • Opcode ID: ac170bec7fb499c84ffd4a3d003431d913de9733b2990d02a0c697f4c453ab48
              • Instruction ID: 15cff20b3f64b153bdabfaa7fe80912eb8ea6aa461f55cb171a75b4e7836aca6
              • Opcode Fuzzy Hash: ac170bec7fb499c84ffd4a3d003431d913de9733b2990d02a0c697f4c453ab48
              • Instruction Fuzzy Hash: 20017C36A28A92C6D7149B56B958079BBA0FB8BFD0B48D130DF9D43B18CF38E8418700
              Uniqueness

              Uniqueness Score: -1.00%