Windows Analysis Report
SecuriteInfo.com.FileRepPup.9888.7317.exe

Overview

General Information

Sample name: SecuriteInfo.com.FileRepPup.9888.7317.exe
Analysis ID: 1401813
MD5: 3490dc6fe080b01509ae7adf52d6f3d0
SHA1: 84ed7d674daa4b8fc5db1f40c2d22b052c678672
SHA256: a96982e8c7c60161303db9df2235268a7be9a2dac2fd5fdd12ba317cd7259cb0
Tags: exe

Detection

Score: 48
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for submitted file
Contains functionality to infect the boot sector
Overwrites code with unconditional jumps - possibly settings hooks in foreign process
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to detect virtualization through RDTSC time measurements
Allocates memory within range which is reserved for system DLLs (kernel32.dll, advapi32.dll, etc)
Contains capabilities to detect virtual machines
Contains functionality to call native functions
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Contains functionality to query CPU information (cpuid)
Detected potential crypto function
Entry point lies outside standard sections
Extensive use of GetProcAddress (often used to hide API calls)
Found potential string decryption / allocating functions
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
PE file contains sections with non-standard names
Queries disk information (often used to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Tries to load missing DLLs
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Snort rule has matched

AV Detection

Source: SecuriteInfo.com.FileRepPup.9888.7317.exe ReversingLabs: Detection: 50%
Source: SecuriteInfo.com.FileRepPup.9888.7317.exe Virustotal: Detection: 50%
Source: SecuriteInfo.com.FileRepPup.9888.7317.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: SecuriteInfo.com.FileRepPup.9888.7317.exe Static PE information: certificate valid
Source: SecuriteInfo.com.FileRepPup.9888.7317.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepPup.9888.7317.exe Code function: 0_2_0055C861 FindFirstFileW,_wcsstr,_wcschr,FindNextFileW,0_2_0055C861
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepPup.9888.7317.exe Code function: 0_2_0055CB00 PathRemoveFileSpecW,PathCombineW,PathCombineW,PathCombineW,FindFirstFileW,FindNextFileW,PathCombineW,FindNextFileW,PathCombineW,0_2_0055CB00
Source: global traffic HTTP traffic detected: GET /inst/get3 HTTP/1.1
  Accept: */*
  Accept-Language: zh-CN,zh;q=0.9
  Connection: Keep-Alive
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.4044.92 Safari/537.36
  Host: softmgr-cfg.ludashi.com
  Content-Length: 184
  Cache-Control: no-cache
Source: global traffic HTTP traffic detected: GET /url2?pid=buysite_00&type=xzq&action=run&appver=6.1023.1185.719&modver=6.1023.1185.719&mid=6039146e22b008fbd61fc0617475e9aa&ex_ary[siteid]=&ex_ary[softid]=&ex_ary[os]=10.0.19045&ex_ary[sr]=0&ex_ary[bit]=1&ex_ary[tagid]= HTTP/1.1
  Accept: */*
  Accept-Encoding: gzip, deflate
  User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.3; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
  Host: s.ludashi.com
  Connection: Keep-Alive
Source: global traffic HTTP traffic detected: POST /downloader/soft/reportNew HTTP/1.1
  Accept: */*
  Accept-Language: zh-CN,zh;q=0.9
  Connection: Keep-Alive
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.4044.92 Safari/537.36
  Host: softmgr-stat.ludashi.com
  Content-Length: 288
  Cache-Control: no-cache
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepPup.9888.7317.exe Code function: 0_2_0053DB10 URLDownloadToCacheFileW,DeleteFileW,0_2_0053DB10
Source: unknown DNS traffic detected: queries for: softmgr-cfg.ludashi.com
Source: unknown HTTP traffic detected: POST /downloader/soft/reportNew HTTP/1.1
  Accept: */*
  Accept-Language: zh-CN,zh;q=0.9
  Connection: Keep-Alive
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.4044.92 Safari/537.36
  Host: softmgr-stat.ludashi.com
  Content-Length: 288
  Cache-Control: no-cache
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepPup.9888.7317.exe Memory allocated: 76E70000 page execute and read and write
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepPup.9888.7317.exe Code function: 0_2_0055CD30 _wcsrchr,_wcsstr,_wcsstr,StrStrIW,NtOpenFile,0_2_0055CD30
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepPup.9888.7317.exe Code function: 0_2_00527750 CoInitialize,NtdllDefWindowProc_W,SHGetSpecialFolderPathW,PathAppendW,RtlEnterCriticalSection,RtlLeaveCriticalSection,0_2_00527750
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepPup.9888.7317.exe Code function: 0_2_0051E190 NtdllDefWindowProc_W,0_2_0051E190
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepPup.9888.7317.exe Code function: 0_2_00514A40 NtdllDefWindowProc_W,0_2_00514A40
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepPup.9888.7317.exe Code function: 0_2_0053EAD0 NtdllDefWindowProc_W,0_2_0053EAD0
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepPup.9888.7317.exe Code function: 0_2_0051CA80 NtdllDefWindowProc_W,0_2_0051CA80
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepPup.9888.7317.exe Code function: 0_2_00571C30: CreateFileW,DeviceIoControl,0_2_00571C30
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepPup.9888.7317.exeCode function: String function: 00507E20 appears 42 times
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepPup.9888.7317.exeCode function: String function: 00505800 appears 86 times
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepPup.9888.7317.exeCode function: String function: 00522D10 appears 44 times
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepPup.9888.7317.exeCode function: String function: 0050BCE0 appears 50 times
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepPup.9888.7317.exeCode function: String function: 0058CD7F appears 160 times
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepPup.9888.7317.exeSection loaded: apphelp.dllJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepPup.9888.7317.exeSection loaded: dbghelp.dllJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepPup.9888.7317.exeSection loaded: wtsapi32.dllJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepPup.9888.7317.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepPup.9888.7317.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepPup.9888.7317.exeSection loaded: firewallapi.dllJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepPup.9888.7317.exeSection loaded: dnsapi.dllJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepPup.9888.7317.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepPup.9888.7317.exeSection loaded: fwbase.dllJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepPup.9888.7317.exeSection loaded: fwpolicyiomgr.dllJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepPup.9888.7317.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepPup.9888.7317.exeSection loaded: wldp.dllJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepPup.9888.7317.exeSection loaded: msasn1.dllJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepPup.9888.7317.exeSection loaded: cryptsp.dllJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepPup.9888.7317.exeSection loaded: rsaenh.dllJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepPup.9888.7317.exeSection loaded: cryptbase.dllJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepPup.9888.7317.exeSection loaded: gpapi.dllJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepPup.9888.7317.exeSection loaded: cryptnet.dllJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepPup.9888.7317.exeSection loaded: profapi.dllJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepPup.9888.7317.exeSection loaded: netapi32.dllJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepPup.9888.7317.exeSection loaded: netbios.dllJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepPup.9888.7317.exeSection loaded: version.dllJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepPup.9888.7317.exeSection loaded: wininet.dllJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepPup.9888.7317.exeSection loaded: iertutil.dllJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepPup.9888.7317.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepPup.9888.7317.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepPup.9888.7317.exeSection loaded: winhttp.dllJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepPup.9888.7317.exeSection loaded: mswsock.dllJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepPup.9888.7317.exeSection loaded: winnsi.dllJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepPup.9888.7317.exeSection loaded: urlmon.dllJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepPup.9888.7317.exeSection loaded: srvcli.dllJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepPup.9888.7317.exeSection loaded: netutils.dllJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepPup.9888.7317.exeSection loaded: rasadhlp.dllJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepPup.9888.7317.exeSection loaded: fwpuclnt.dllJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepPup.9888.7317.exeSection loaded: atlthunk.dllJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepPup.9888.7317.exeSection loaded: windowscodecs.dllJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepPup.9888.7317.exeSection loaded: textinputframework.dllJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepPup.9888.7317.exeSection loaded: coreuicomponents.dllJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepPup.9888.7317.exeSection loaded: coremessaging.dllJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepPup.9888.7317.exeSection loaded: ntmarta.dllJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepPup.9888.7317.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepPup.9888.7317.exeSection loaded: dwrite.dllJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepPup.9888.7317.exeSection loaded: textshaping.dllJump to behavior
Source: SecuriteInfo.com.FileRepPup.9888.7317.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: classification engineClassification label: mal48.evad.winEXE@1/2@3/3
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepPup.9888.7317.exeCode function: 0_2_0052C9B7 GetDiskFreeSpaceExW,GetDiskFreeSpaceExW,0_2_0052C9B7
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepPup.9888.7317.exeCode function: 0_2_0055DA06 SetThreadPriority,CreateToolhelp32Snapshot,Thread32First,SetThreadPriority,0_2_0055DA06
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepPup.9888.7317.exeCode function: 0_2_00517160 SizeofResource,0_2_00517160
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepPup.9888.7317.exeFile created: C:\Program Files (x86)\LudashiJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepPup.9888.7317.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\get3[1].htmJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepPup.9888.7317.exeMutant created: \Sessions\1\BaseNamedObjects\CUSERSuserAPPDATAROAMINGDOWNLOADERDOWNLOADERLOG
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepPup.9888.7317.exeMutant created: \Sessions\1\BaseNamedObjects\ThunderMissionDownloadingMutex
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepPup.9888.7317.exeCommand line argument: 8xZ0_2_00527750
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepPup.9888.7317.exeCommand line argument: [I]0_2_00527750
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepPup.9888.7317.exeCommand line argument: xzq0_2_00527750
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepPup.9888.7317.exeCommand line argument: run0_2_00527750
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepPup.9888.7317.exeCommand line argument: (null)0_2_00527750
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepPup.9888.7317.exeCommand line argument: v_0_2_00527750
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepPup.9888.7317.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
Source: SecuriteInfo.com.FileRepPup.9888.7317.exeReversingLabs: Detection: 50%
Source: SecuriteInfo.com.FileRepPup.9888.7317.exeVirustotal: Detection: 50%
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepPup.9888.7317.exeFile read: C:\Users\user\Desktop\SecuriteInfo.com.FileRepPup.9888.7317.exeJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepPup.9888.7317.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{304CE942-6E39-40D8-943A-B913C40C9CD4}\InprocServer32Jump to behavior
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: SecuriteInfo.com.FileRepPup.9888.7317.exeStatic PE information: certificate valid
Source: SecuriteInfo.com.FileRepPup.9888.7317.exeStatic file information: File size 5187472 > 1048576
Source: SecuriteInfo.com.FileRepPup.9888.7317.exeStatic PE information: Raw size of .upx1 is bigger than: 0x100000 < 0x485c00
Source: SecuriteInfo.com.FileRepPup.9888.7317.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepPup.9888.7317.exeCode function: 0_2_0055C654 LoadLibraryW,GetProcAddress,PathAppendW,GetProcAddress,0_2_0055C654
Source: initial sampleStatic PE information: section where entry point is pointing to: .upx1
Source: SecuriteInfo.com.FileRepPup.9888.7317.exeStatic PE information: section name: .upx0
Source: SecuriteInfo.com.FileRepPup.9888.7317.exeStatic PE information: section name: .upx1
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepPup.9888.7317.exeCode function: 0_2_0060E350 push ecx; ret 0_2_0060E363
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepPup.9888.7317.exeCode function: 0_2_0054C427 push ecx; ret 0_2_0054C43A
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepPup.9888.7317.exeCode function: 0_2_0054C906 push ecx; ret 0_2_0054C919

Persistence and Installation Behavior

Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepPup.9888.7317.exeCode function: CreateFileW,DeviceIoControl, \\.\PhysicalDrive%d0_2_00571C30

Boot Survival

Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepPup.9888.7317.exeCode function: CreateFileW,DeviceIoControl, \\.\PhysicalDrive%d0_2_00571C30

Hooking and other Techniques for Hiding and Protection

Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepPup.9888.7317.exeMemory written: PID: 7300 base: 13D0005 value: E9 2B BA AF 75 Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepPup.9888.7317.exeMemory written: PID: 7300 base: 76ECBA30 value: E9 DA 45 50 8A Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepPup.9888.7317.exeMemory written: PID: 7300 base: 13E0008 value: E9 8B 8E B3 75 Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepPup.9888.7317.exeMemory written: PID: 7300 base: 76F18E90 value: E9 80 71 4C 8A Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepPup.9888.7317.exeMemory written: PID: 7300 base: 2ED0005 value: E9 8B 4D D2 72 Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepPup.9888.7317.exeMemory written: PID: 7300 base: 75BF4D90 value: E9 7A B2 2D 8D Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepPup.9888.7317.exeMemory written: PID: 7300 base: 2F00005 value: E9 EB EB D0 72 Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepPup.9888.7317.exeMemory written: PID: 7300 base: 75C0EBF0 value: E9 1A 14 2F 8D Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepPup.9888.7317.exeMemory written: PID: 7300 base: 2F10005 value: E9 8B 8A 0C 72 Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepPup.9888.7317.exeMemory written: PID: 7300 base: 74FD8A90 value: E9 7A 75 F3 8D Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepPup.9888.7317.exeMemory written: PID: 7300 base: 2F20005 value: E9 2B 02 0E 72 Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepPup.9888.7317.exeMemory written: PID: 7300 base: 75000230 value: E9 DA FD F1 8D Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepPup.9888.7317.exeCode function: 0_2_00548E0E GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,0_2_00548E0E
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepPup.9888.7317.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOTJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepPup.9888.7317.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRootJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepPup.9888.7317.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

Malware Analysis System Evasion

Source: SecuriteInfo.com.FileRepPup.9888.7317.exe, SecuriteInfo.com.FileRepPup.9888.7317.exe, 00000000.00000002.2885557605.00000000005FA000.00000020.00000001.01000000.00000003.sdmpBinary or memory string: SBIEDLL.DLL
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepPup.9888.7317.exeRDTSC instruction interceptor: First address: 0000000000652B2C second address: 0000000000652B32 instructions: 0x00000000 rdtsc 0x00000002 movsx eax, sp 0x00000005 pop edi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepPup.9888.7317.exeRegistry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e972-e325-11ce-bfc1-08002be10318}\0001 name: DriverDescJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepPup.9888.7317.exeFile opened: PhysicalDrive0Jump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepPup.9888.7317.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepPup.9888.7317.exeCode function: 0_2_0055C861 FindFirstFileW,_wcsstr,_wcschr,FindNextFileW,0_2_0055C861
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepPup.9888.7317.exeCode function: 0_2_0055CB00 PathRemoveFileSpecW,PathCombineW,PathCombineW,PathCombineW,FindFirstFileW,FindNextFileW,PathCombineW,FindNextFileW,PathCombineW,0_2_0055CB00
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepPup.9888.7317.exeCode function: 0_2_0055CFF0 GetSystemInfo,0_2_0055CFF0
Source: SecuriteInfo.com.FileRepPup.9888.7317.exe, 00000000.00000002.2887302077.0000000001488000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepPup.9888.7317.exe, 00000000.00000003.1675304986.000000000148D000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepPup.9888.7317.exe, 00000000.00000003.1707599847.0000000001488000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepPup.9888.7317.exe, 00000000.00000003.1674971674.000000000148C000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepPup.9888.7317.exe, 00000000.00000003.1674696196.0000000001469000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWX)M
Source: SecuriteInfo.com.FileRepPup.9888.7317.exe, 00000000.00000003.1675304986.00000000014DB000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepPup.9888.7317.exe, 00000000.00000003.1707599847.00000000014DB000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepPup.9888.7317.exe, 00000000.00000002.2887404731.00000000014DB000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepPup.9888.7317.exe, 00000000.00000003.1674971674.00000000014DB000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepPup.9888.7317.exe, 00000000.00000003.1674696196.00000000014DB000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepPup.9888.7317.exe, 00000000.00000003.1932987618.00000000014DB000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
Source: SecuriteInfo.com.FileRepPup.9888.7317.exe, 00000000.00000003.1707599847.00000000014A1000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepPup.9888.7317.exe, 00000000.00000003.1675304986.00000000014A1000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepPup.9888.7317.exe, 00000000.00000003.1932987618.00000000014A9000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepPup.9888.7317.exe, 00000000.00000003.1674971674.00000000014A1000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepPup.9888.7317.exe, 00000000.00000002.2887404731.00000000014C8000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.FileRepPup.9888.7317.exe, 00000000.00000003.1674696196.00000000014A1000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWen-GBn
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepPup.9888.7317.exeProcess information queried: ProcessInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepPup.9888.7317.exeCode function: 0_2_0055C654 LoadLibraryW,GetProcAddress,PathAppendW,GetProcAddress,0_2_0055C654
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepPup.9888.7317.exeCode function: 0_2_0054C524 cpuid 0_2_0054C524
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepPup.9888.7317.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepPup.9888.7317.exeQueries volume information: C:\Windows\Fonts\calibrii.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepPup.9888.7317.exeQueries volume information: C:\Windows\Fonts\calibrili.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepPup.9888.7317.exeQueries volume information: C:\Windows\Fonts\calibrib.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepPup.9888.7317.exeQueries volume information: C:\Windows\Fonts\calibriz.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepPup.9888.7317.exeQueries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepPup.9888.7317.exeQueries volume information: C:\Windows\Fonts\cambriai.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepPup.9888.7317.exeQueries volume information: C:\Windows\Fonts\cambriab.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepPup.9888.7317.exeQueries volume information: C:\Windows\Fonts\cambriaz.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepPup.9888.7317.exeQueries volume information: C:\Windows\Fonts\Candara.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepPup.9888.7317.exeQueries volume information: C:\Windows\Fonts\Candaral.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepPup.9888.7317.exeQueries volume information: C:\Windows\Fonts\Candarai.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepPup.9888.7317.exeQueries volume information: C:\Windows\Fonts\Candarali.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepPup.9888.7317.exeQueries volume information: C:\Windows\Fonts\Candarab.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepPup.9888.7317.exeQueries volume information: C:\Windows\Fonts\Candaraz.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepPup.9888.7317.exeQueries volume information: C:\Windows\Fonts\comic.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepPup.9888.7317.exeQueries volume information: C:\Windows\Fonts\comici.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepPup.9888.7317.exeQueries volume information: C:\Windows\Fonts\comicbd.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepPup.9888.7317.exeQueries volume information: C:\Windows\Fonts\comicz.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepPup.9888.7317.exeQueries volume information: C:\Windows\Fonts\constan.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepPup.9888.7317.exeQueries volume information: C:\Windows\Fonts\constani.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepPup.9888.7317.exeQueries volume information: C:\Windows\Fonts\constanb.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepPup.9888.7317.exeQueries volume information: C:\Windows\Fonts\constanz.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepPup.9888.7317.exeQueries volume information: C:\Windows\Fonts\corbel.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepPup.9888.7317.exeQueries volume information: C:\Windows\Fonts\corbell.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepPup.9888.7317.exeQueries volume information: C:\Windows\Fonts\corbeli.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepPup.9888.7317.exeQueries volume information: C:\Windows\Fonts\corbelli.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepPup.9888.7317.exeQueries volume information: C:\Windows\Fonts\corbelb.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepPup.9888.7317.exeQueries volume information: C:\Windows\Fonts\corbelz.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepPup.9888.7317.exeQueries volume information: C:\Windows\Fonts\cour.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepPup.9888.7317.exeQueries volume information: C:\Windows\Fonts\couri.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepPup.9888.7317.exeQueries volume information: C:\Windows\Fonts\courbd.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepPup.9888.7317.exeQueries volume information: C:\Windows\Fonts\courbi.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepPup.9888.7317.exeQueries volume information: C:\Windows\Fonts\ebrima.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepPup.9888.7317.exeQueries volume information: C:\Windows\Fonts\ebrimabd.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepPup.9888.7317.exeQueries volume information: C:\Windows\Fonts\framd.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepPup.9888.7317.exeQueries volume information: C:\Windows\Fonts\FRADM.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepPup.9888.7317.exeQueries volume information: C:\Windows\Fonts\FRADMIT.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepPup.9888.7317.exeQueries volume information: C:\Windows\Fonts\FRAMDCN.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepPup.9888.7317.exeQueries volume information: C:\Windows\Fonts\FRADMCN.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepPup.9888.7317.exeQueries volume information: C:\Windows\Fonts\Gabriola.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.FileRepPup.9888.7317.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names; Gather Victim Network Information; Domain Properties
Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server; Server; Botnet
Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts; Cloud Accounts; Replication Through Removable Media
Execution: 2 Command and Scripting Interpreter; 1 Native API; At; Cron; Launchd; Scheduled Task
Persistence: 1 Bootkit; 1 DLL Side-Loading; Logon Script (Windows); Login Hook; Network Logon Script; RC Scripts
Privilege Escalation: 1 DLL Side-Loading; Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook; Network Logon Script; RC Scripts
Defense Evasion: 2 Masquerading; 2 Virtualization/Sandbox Evasion; 1 Deobfuscate/Decode Files or Information; 2 Obfuscated Files or Information; 1 Bootkit; 1 DLL Side-Loading
Credential Access: 1 Credential API Hooking; LSASS Memory; Security Account Manager; NTDS; LSA Secrets; Cached Domain Credentials
Discovery: 1 Query Registry; 221 Security Software Discovery; 2 Virtualization/Sandbox Evasion; 2 Process Discovery; 1 File and Directory Discovery; 135 System Information Discovery
Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model; SSH; VNC
Collection: 1 Credential API Hooking; 1 Archive Collected Data; Data from Network Shared Drive; Input Capture; Keylogging; GUI Input Capture
Command and Control: 1 Encrypted Channel; 2 Ingress Tool Transfer; 3 Non-Application Layer Protocol; 13 Application Layer Protocol; Fallback Channels; Multiband Communication
Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication; Scheduled Transfer; Data Transfer Size Limits
Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction; Data Encrypted for Impact; Service Stop

Source | Detection | Scanner | Label | Link
SecuriteInfo.com.FileRepPup.9888.7317.exe | 50% | ReversingLabs | Win32.PUA.SoftCnapp |
SecuriteInfo.com.FileRepPup.9888.7317.exe | 50% | Virustotal | | Browse
No Antivirus matches
No Antivirus matches
No Antivirus matches
Source | Detection | Scanner | Label | Link
http://www.tiro.com | 0% | URL Reputation | safe |
http://www.goodfont.co.kr | 0% | URL Reputation | safe |
http://www.sajatypeworks.com | 0% | URL Reputation | safe |
http://www.sajatypeworks.com | 0% | URL Reputation | safe |
http://www.typography.netD | 0% | URL Reputation | safe |
http://www.galapagosdesign.com/staff/dennis.htm | 0% | URL Reputation | safe |
http://www.galapagosdesign.com/DPlease | 0% | URL Reputation | safe |
http://www.sandoll.co.kr | 0% | URL Reputation | safe |
http://www.urwpp.deDPlease | 0% | URL Reputation | safe |
http://www.sakkal.com | 0% | URL Reputation | safe |
http://www.carterandcone.coml | 0% | URL Reputation | safe |
http://www.jiyu-kobo.co.jp/ | 0% | URL Reputation | safe |
http://www.founder.com.cn/cn/bThe | 0% | Avira URL Cloud | safe |
http://www.sajatypeworks.com; | 0% | Avira URL Cloud | safe |
http://www.tiro.comErtY | 0% | Avira URL Cloud | safe |
http://www.founder.com.cn/cn/cThe | 0% | Avira URL Cloud | safe |
http://www.carterandcone.com | 0% | Avira URL Cloud | safe |
http://www.fonts.comic | 0% | Avira URL Cloud | safe |
https://www.ludashi.comhttps://www.ludashi.com/page/contact.phpnx | 0% | Avira URL Cloud | safe |
http://www.zhongyicts.com.cn | 0% | Avira URL Cloud | safe |
http://www.zhongyicts.com.cnkn | 0% | Avira URL Cloud | safe |
http://www.founder.com.cn/cn/cThe | 0% | Virustotal | | Browse
http://en.wikipedia | 0% | Avira URL Cloud | safe |
http://www.zhongyicts.com.cn | 1% | Virustotal | | Browse
http://www.founder.com.cn/cn/ | 0% | Avira URL Cloud | safe |
http://www.founder.com.cn/cn | 0% | Avira URL Cloud | safe |
http://www.founder.com.cn/cns-e | 0% | Avira URL Cloud | safe |
http://www.founder.com.cn/cn/bThe | 0% | Virustotal | | Browse
http://www.founder.com.cn/cn/ | 0% | Virustotal | | Browse
http://www.founder.com.cn/cn | 0% | Virustotal | | Browse
http://www.carterandcone.com | 0% | Virustotal | | Browse
http://www.founder.com.cn/cns-e | 1% | Virustotal | | Browse
Name | IP | Active | Malicious | Antivirus Detection | Reputation
softmgr-cfg.ludashi.com | 49.4.55.6 | true | false | | high
softmgr-stat.ludashi.com | 114.115.204.103 | true | false | | high
s.ludashi.com | 47.117.77.180 | true | false | | high
Name | Malicious | Antivirus Detection | Reputation
http://softmgr-cfg.ludashi.com/inst/get3 | false | | high
http://softmgr-stat.ludashi.com/downloader/soft/reportNew | false | | high
http://s.ludashi.com/url2?pid=buysite_00&type=xzq&action=run&appver=6.1023.1185.719&modver=6.1023.1185.719&mid=6039146e22b008fbd61fc0617475e9aa&ex_ary[siteid]=&ex_ary[softid]=&ex_ary[os]=10.0.19045&ex_ary[sr]=0&ex_ary[bit]=1&ex_ary[tagid]= | false | | high
IP | Domain | Country | ASN | ASN Name | Malicious
47.117.77.180 | s.ludashi.com | China | 37963 | CNNIC-ALIBABA-CN-NET-APHangzhouAlibabaAdvertisingCoLtd | false
114.115.204.103 | softmgr-stat.ludashi.com | China | 4808 | CHINA169-BJChinaUnicomBeijingProvinceNetworkCN | false
49.4.55.6 | softmgr-cfg.ludashi.com | China | 55990 | HWCSNETHuaweiCloudServicedatacenterCN | false
Joe Sandbox version:40.0.0 Tourmaline
Analysis ID:1401813
Start date and time:2024-03-02 09:27:06 +01:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 6m 11s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:default.jbs
Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:6
Number of new started drivers analysed:0
Number of existing processes analysed:0
Number of existing drivers analysed:0
Number of injected processes analysed:0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode:default
Analysis stop reason:Timeout
Sample name:SecuriteInfo.com.FileRepPup.9888.7317.exe
Detection:MAL
Classification:mal48.evad.winEXE@1/2@3/3
EGA Information:
• Successful, ratio: 100%
HCA Information:
• Successful, ratio: 92%
• Number of executed functions: 101
• Number of non-executed functions: 110
Cookbook Comments:
• Found application associated with file extension: .exe
• Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
• Excluded domains from analysis (whitelisted): fs.microsoft.com, ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
• Not all processes where analyzed, report is missing behavior information
• Report size getting too big, too many NtEnumerateValueKey calls found.
• Report size getting too big, too many NtOpenKeyEx calls found.
• Report size getting too big, too many NtProtectVirtualMemory calls found.
• Report size getting too big, too many NtQueryValueKey calls found.
No simulations
No context
                                                                              • 59.83.49.203
                                                                              iL9zMjibuS.elfGet hashmaliciousUnknownBrowse
                                                                              • 8.179.162.130
                                                                              q97Enql3gW.elfGet hashmaliciousUnknownBrowse
                                                                              • 115.28.15.224
                                                                              5Nz3J0X348.elfGet hashmaliciousGafgytBrowse
                                                                              • 120.26.60.70
                                                                              ZfeALk0ts2.elfGet hashmaliciousUnknownBrowse
                                                                              • 119.23.31.66
                                                                              qWLVwpwiVS.elfGet hashmaliciousUnknownBrowse
                                                                              • 47.96.52.138
                                                                              rNWGsmr9Bh.exeGet hashmaliciousUnknownBrowse
                                                                              • 47.100.247.41
                                                                              rNWGsmr9Bh.exeGet hashmaliciousUnknownBrowse
                                                                              • 47.100.247.41
                                                                              kira.arm7.elfGet hashmaliciousMiraiBrowse
                                                                              • 8.144.123.149
                                                                              CHINA169-BJChinaUnicomBeijingProvinceNetworkCNSecuriteInfo.com.Linux.Siggen.9999.30713.11741.elfGet hashmaliciousUnknownBrowse
                                                                              • 116.219.180.175
                                                                              2IJIy39uga.elfGet hashmaliciousUnknownBrowse
                                                                              • 123.114.82.242
                                                                              1MCNyGRYwO.elfGet hashmaliciousUnknownBrowse
                                                                              • 122.112.24.79
                                                                              q97Enql3gW.elfGet hashmaliciousUnknownBrowse
                                                                              • 219.232.239.205
                                                                              Zo5nx6nbWO.elfGet hashmaliciousGafgytBrowse
                                                                              • 118.26.69.96
                                                                              ZfeALk0ts2.elfGet hashmaliciousUnknownBrowse
                                                                              • 123.123.10.15
                                                                              V1J7GFIwfY.elfGet hashmaliciousMirai, OkiruBrowse
                                                                              • 124.205.146.114
                                                                              huhu.x86_64.elfGet hashmaliciousMirai, OkiruBrowse
                                                                              • 115.33.14.86
                                                                              bTQu.exeGet hashmaliciousRemcosBrowse
                                                                              • 103.239.67.36
                                                                              huhu.x86.elfGet hashmaliciousMirai, OkiruBrowse
                                                                              • 124.69.77.80
                                                                              No context
                                                                              No context
                                                                              Process:C:\Users\user\Desktop\SecuriteInfo.com.FileRepPup.9888.7317.exe
                                                                              File Type:data
                                                                              Category:dropped
                                                                              Size (bytes):38
                                                                              Entropy (8bit):2.7555427040902134
                                                                              Encrypted:false
                                                                              SSDEEP:3:mlmHssggQpYRE:mlmHIFpN
                                                                              MD5:C888A8606156758E767F0BC7E87D316E
                                                                              SHA1:5B27F2806BB7647D54BEF1901A99345775527DC5
                                                                              SHA-256:2DFC4B5EC7204CEAA1BBC87C795F497DA81785CBBBD7B63036888081BBB98FA8
                                                                              SHA-512:DE64013B77FCC723B064D519E7D08D47DA8EE7D47EF4A0F46BB752ABFDDE3106F37376444D601B3152D0822F783C99B890CAFB250D345CFDEDC59E0525EF5E11
                                                                              Malicious:false
                                                                              Reputation:low
                                                                              Preview:{.A.A.8.C.B.A.A.E.-.B.D.C.6.-.4.7.2.f.
                                                                              Process:C:\Users\user\Desktop\SecuriteInfo.com.FileRepPup.9888.7317.exe
                                                                              File Type:ASCII text, with very long lines (472), with no line terminators
                                                                              Category:dropped
                                                                              Size (bytes):472
                                                                              Entropy (8bit):5.905019534449515
                                                                              Encrypted:false
                                                                              SSDEEP:12:w/AjdNJGfxnTe1RkQgKnX/1dxoxjqCXW8k7:wYpNJGpnq8KnPkXW8S
                                                                              MD5:D9F56D9FB74A463A1DBF11D95C662FAC
                                                                              SHA1:088C903EAED1BA256D27FA99512A91408569B3D3
                                                                              SHA-256:2F367E3C9295DAEE1D2A177F2CCE0DCDF24EC137091EA3B788F197524D5557B6
                                                                              SHA-512:C59AA0A634710BCBE94CBFD95BCD304DD4A0836A3459634EFCB216C2E01D41C3B34AF4F7E6CE047477456361D5E33868790FCAE05475F093A87B0432CCA0FDC1
                                                                              Malicious:false
                                                                              Reputation:low
                                                                              File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                              Entropy (8bit):7.874859686733168
                                                                              TrID:
                                                                              • Win32 Executable (generic) a (10002005/4) 99.53%
                                                                              • UPX compressed Win32 Executable (30571/9) 0.30%
                                                                              • Windows Screen Saver (13104/52) 0.13%
                                                                              • Generic Win/DOS Executable (2004/3) 0.02%
                                                                              • DOS Executable Generic (2002/1) 0.02%
                                                                              File name:SecuriteInfo.com.FileRepPup.9888.7317.exe
                                                                              File size:5'187'472 bytes
                                                                              MD5:3490dc6fe080b01509ae7adf52d6f3d0
                                                                              SHA1:84ed7d674daa4b8fc5db1f40c2d22b052c678672
                                                                              SHA256:a96982e8c7c60161303db9df2235268a7be9a2dac2fd5fdd12ba317cd7259cb0
                                                                              SHA512:cedf06cd7313e20b291a45f09e937aeed3d53f4eb9d0f666a62c4b493686fb5702297ffdd36e66afe6a2ed16028354301edeede8170dcb269a4ad1d4341ed750
                                                                              SSDEEP:98304:Z4s9s38iiFAIc5t94qs4DwpzFgfLS6GdiGTKH12n++8aKIJzDqW5f:Z4on+IfXxK9GYGOVgl/K6DP
                                                                              TLSH:6E360293C195A312D4B39CB64706ACF931BF1D7ED2A62875949FB9DF110A2C2B723207
                                                                              File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...8..d.................:..........,.I......P....@...................................O...@.........................tZt.H..
                                                                              Icon Hash:234db2b3f279b34f
                                                                              Entrypoint:0x89132c
                                                                              Entrypoint Section:.upx1
                                                                              Digitally signed:true
                                                                              Imagebase:0x400000
                                                                              Subsystem:windows gui
                                                                              Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                              DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                                                                              Time Stamp:0x64B79738 [Wed Jul 19 07:56:40 2023 UTC]
                                                                              TLS Callbacks:
                                                                              CLR (.Net) Version:
                                                                              OS Version Major:5
                                                                              OS Version Minor:1
                                                                              File Version Major:5
                                                                              File Version Minor:1
                                                                              Subsystem Version Major:5
                                                                              Subsystem Version Minor:1
                                                                              Import Hash:5701c0418b05d37abfa293149fc3f125
                                                                              Signature Valid:true
                                                                              Signature Issuer:CN=DigiCert SHA2 Assured ID Code Signing CA, OU=www.digicert.com, O=DigiCert Inc, C=US
                                                                              Signature Validation Error:The operation completed successfully
                                                                              Error Number:0
                                                                              Not Before, Not After
                                                                              • 25/05/2021 01:00:00 29/05/2024 00:59:59
                                                                              Subject Chain
                                                                              • CN=Chengdu Qilu Technology Co. Ltd., O=Chengdu Qilu Technology Co. Ltd., L=\u6210\u90fd\u5e02, S=\u56db\u5ddd\u7701, C=CN
                                                                              Version:3
                                                                              Thumbprint MD5:187A069F86D379FE84D71BA37D3B2A30
                                                                              Thumbprint SHA-1:4D7326B46527C9CBEEC83D4368EAF372300FFDCC
                                                                              Thumbprint SHA-256:A2F571D518EAEF0A67CCC12AD3AAC3F240AA8B39A679E5A2F352700412306CAA
                                                                              Serial:05DE6C1E6DCB34DF9869AEDC157F0725
                                                                              Instruction
                                                                              push EBC2D095h
                                                                              call 00007F76ACB0FAD2h
                                                                              add edi, eax
                                                                              jmp 00007F76ACE43951h
                                                                              dec edx
                                                                              cmp ebp, esi
                                                                              cmp al, 87h
                                                                              cmp ecx, edx
                                                                              jmp 00007F76ACAE768Dh
                                                                              mov edx, dword ptr [esi]
                                                                              rcr cl, cl
                                                                              mov eax, dword ptr [esi+04h]
                                                                              sbb cl, 00000037h
                                                                              setne cl
                                                                              mov cl, byte ptr [esi+08h]
                                                                              test dx, ax
                                                                              test si, 40A3h
                                                                              lea esi, dword ptr [esi+00000002h]
                                                                              stc
                                                                              shrd edx, eax, cl
                                                                              mov dword ptr [esi+04h], edx
                                                                              nop
                                                                              pushfd
                                                                              pop dword ptr [esi]
                                                                              sar ah, cl
                                                                              lea edi, dword ptr [edi-00000004h]
                                                                              or eax, ebp
                                                                              mov eax, dword ptr [edi]
                                                                              cmp al, cl
                                                                              stc
                                                                              xor eax, ebx
                                                                              stc
                                                                              ror eax, 1
                                                                              not eax
                                                                              jmp 00007F76ACE42230h
                                                                              mov esp, esi
                                                                              jmp 00007F76ACDCFCD7h
                                                                              mov ax, word ptr [ebx]
                                                                              xor bp, bx
                                                                              inc sp
                                                                              mov ecx, dword ptr [ebx+02h]
                                                                              inc eax
                                                                              adc ch, dh
                                                                              inc eax
                                                                              sub ch, 00000031h
                                                                              xor bp, di
                                                                              dec eax
                                                                              sub ebx, 00000006h
                                                                              inc eax
                                                                              not ch
                                                                              not ax
                                                                              inc eax
                                                                              setnp ch
                                                                              inc cx
                                                                              not ecx
                                                                              btc bp, ax
                                                                              inc cx
                                                                              and eax, ecx
                                                                              mov word ptr [ebx+08h], ax
                                                                              pushfd
                                                                              inc eax
                                                                              rol ch, cl
                                                                              pop dword ptr [ebx]
                                                                              btc ebp, ebx
                                                                              dec ecx
                                                                              sub esi, 00000004h
                                                                              bt bp, bp
                                                                              inc ecx
                                                                              mov ebp, dword ptr [esi]
                                                                              cmc
                                                                              inc ecx
                                                                              xor ebp, esp
                                                                              stc
                                                                              jmp 00007F76ACB318CFh
                                                                              xor ebx, ecx
                                                                              clc
                                                                              test si, ax
                                                                              jmp 00007F76ACB715BBh
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x745a74 | 0x48 | .upx1
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x6fbf70 | 0xc8 | .upx1
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x81f000 | 0x6a43d | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x4f0c00 | 0x1b90 | .upx1
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x81e000 | 0x5d4 | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x80bc50 | 0x20 | .upx1
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x81d340 | 0x40 | .upx1
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x76a000 | 0x78 | .upx1
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x3c0414 | 0x1e0 | .upx1
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0xa388c | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0xa5000 | 0x26394 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0xcc000 | 0x2d8a8 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.upx0 | 0xfa000 | 0x29d76e | 0x0 | d41d8cd98f00b204e9800998ecf8427e | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.upx1 | 0x398000 | 0x485a90 | 0x485c00 | 1e57aaffe5e4661bb625a804513fa557 | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.reloc | 0x81e000 | 0x5d4 | 0x600 | 8df366a0e1eeb662aab35e2831052d96 | False | 0.5091145833333334 | data | 4.160558593999338 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.rsrc | 0x81f000 | 0x6a43d | 0x6a600 | 8dc953e9e351b5a1a0777af3190afb97 | False | 0.1866324544653349 | data | 5.712792321098395 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0x81f280 | 0x42028 | Device independent bitmap graphic, 256 x 512 x 32, image size 270336 | Chinese | China | 0.1611829452318253
RT_ICON | 0x8612a8 | 0x10828 | Device independent bitmap graphic, 128 x 256 x 32, image size 67584 | Chinese | China | 0.17694901218502307
RT_ICON | 0x871ad0 | 0x94a8 | Device independent bitmap graphic, 96 x 192 x 32, image size 38016 | Chinese | China | 0.2541517763296195
RT_ICON | 0x87af78 | 0x5488 | Device independent bitmap graphic, 72 x 144 x 32, image size 21600 | Chinese | China | 0.2825323475046211
RT_ICON | 0x880400 | 0x4228 | Device independent bitmap graphic, 64 x 128 x 32, image size 16896 | Chinese | China | 0.24687057156353331
RT_ICON | 0x884628 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9600 | Chinese | China | 0.38765560165975105
RT_ICON | 0x886bd0 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4224 | Chinese | China | 0.4026735459662289
RT_ICON | 0x887c78 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | Chinese | China | 0.6702127659574468
RT_GROUP_ICON | 0x8880e0 | 0x76 | data | Chinese | China | 0.7457627118644068
RT_VERSION | 0x888158 | 0x24c | data | Chinese | China | 0.5221088435374149
RT_MANIFEST | 0x8883a4 | 0x1099 | exported SGML document, ASCII text, with CRLF line terminators | English | United States | 0.21440338903271358
DLL | Import
KERNEL32.dll | GetVersionExW
USER32.dll | GetCursorPos
OLEAUT32.dll | VarUI4FromStr
dbghelp.dll | MakeSureDirectoryPathExists
WTSAPI32.dll | WTSSendMessageW
KERNEL32.dll | VirtualQuery
USER32.dll | GetUserObjectInformationW
KERNEL32.dll | LocalAlloc, LocalFree, GetModuleFileNameW, GetProcessAffinityMask, SetProcessAffinityMask, SetThreadAffinityMask, Sleep, ExitProcess, FreeLibrary, LoadLibraryA, GetModuleHandleA, GetProcAddress
USER32.dll | GetProcessWindowStation, GetUserObjectInformationW
Name | Ordinal | Address
_Start@12 | 1 | 0x427680
Language of compilation system | Country where language is spoken | Map
Chinese | China |
English | United States |
                                                                              Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
                                                                              Mar 2, 2024 09:27:56.292443991 CET | 192.168.2.4 | 1.1.1.1 | 0x42ba | Standard query (0) | softmgr-cfg.ludashi.com | A (IP address) | IN (0x0001) | false
                                                                              Mar 2, 2024 09:27:57.790386915 CET | 192.168.2.4 | 1.1.1.1 | 0x8eb4 | Standard query (0) | softmgr-stat.ludashi.com | A (IP address) | IN (0x0001) | false
                                                                              Mar 2, 2024 09:27:57.792072058 CET | 192.168.2.4 | 1.1.1.1 | 0xedd3 | Standard query (0) | s.ludashi.com | A (IP address) | IN (0x0001) | false

                                                                              Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                                                                              Mar 2, 2024 09:27:56.469084978 CET | 1.1.1.1 | 192.168.2.4 | 0x42ba | No error (0) | softmgr-cfg.ludashi.com | | 49.4.55.6 | A (IP address) | IN (0x0001) | false
                                                                              Mar 2, 2024 09:27:57.880525112 CET | 1.1.1.1 | 192.168.2.4 | 0xedd3 | No error (0) | s.ludashi.com | | 47.117.77.180 | A (IP address) | IN (0x0001) | false
                                                                              Mar 2, 2024 09:27:57.965913057 CET | 1.1.1.1 | 192.168.2.4 | 0x8eb4 | No error (0) | softmgr-stat.ludashi.com | | 114.115.204.103 | A (IP address) | IN (0x0001) | false
                                                                              • softmgr-cfg.ludashi.com
                                                                              • s.ludashi.com
                                                                              • softmgr-stat.ludashi.com
                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                              0 | 192.168.2.4 | 49732 | 49.4.55.6 | 80 | 7300 | C:\Users\user\Desktop\SecuriteInfo.com.FileRepPup.9888.7317.exe
                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                              Mar 2, 2024 09:27:56.798577070 CET | 486 | OUT | GET /inst/get3 HTTP/1.1
                                                                              Accept: */*
                                                                              Accept-Language: zh-CN,zh;q=0.9
                                                                              Connection: Keep-Alive
                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.4044.92 Safari/537.36
                                                                              Host: softmgr-cfg.ludashi.com
                                                                              Content-Length: 184
                                                                              Cache-Control: no-cache
                                                                              Mar 2, 2024 09:27:57.131715059 CET | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                              Data Ascii: 0
                                                                              Mar 2, 2024 09:27:57.131814957 CET | 688 | IN | HTTP/1.1 200 OK
                                                                              Date: Sat, 02 Mar 2024 08:27:56 GMT
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Transfer-Encoding: chunked
                                                                              Connection: keep-alive
                                                                              Vary: Accept-Encoding
                                                                              X-Powered-By: PHP/7.1.8
                                                                              Server: elb


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                              1 | 192.168.2.4 | 49733 | 47.117.77.180 | 80 | 7300 | C:\Users\user\Desktop\SecuriteInfo.com.FileRepPup.9888.7317.exe
                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                              Mar 2, 2024 09:27:58.201944113 CET | 490 | OUT | GET /url2?pid=buysite_00&type=xzq&action=run&appver=6.1023.1185.719&modver=6.1023.1185.719&mid=6039146e22b008fbd61fc0617475e9aa&ex_ary[siteid]=&ex_ary[softid]=&ex_ary[os]=10.0.19045&ex_ary[sr]=0&ex_ary[bit]=1&ex_ary[tagid]= HTTP/1.1
                                                                              Accept: */*
                                                                              Accept-Encoding: gzip, deflate
                                                                              User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.3; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                                                                              Host: s.ludashi.com
                                                                              Connection: Keep-Alive
                                                                              Mar 2, 2024 09:27:58.523575068 CET | 228 | IN | HTTP/1.1 200 OK
                                                                              Date: Sat, 02 Mar 2024 08:27:58 GMT
                                                                              Content-Type: text/plain; charset=utf-8
                                                                              Content-Length: 0
                                                                              Connection: keep-alive
                                                                              Last-Modified: Sat, 28 Dec 2019 01:45:27 GMT
                                                                              ETag: "5e06b3b7-0"
                                                                              Accept-Ranges: bytes


                                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                              2 | 192.168.2.4 | 49734 | 114.115.204.103 | 80 | 7300 | C:\Users\user\Desktop\SecuriteInfo.com.FileRepPup.9888.7317.exe
                                                                              Timestamp | Bytes transferred | Direction | Data
                                                                              Mar 2, 2024 09:27:58.322083950 CET | 608 | OUT | POST /downloader/soft/reportNew HTTP/1.1
                                                                              Accept: */*
                                                                              Accept-Language: zh-CN,zh;q=0.9
                                                                              Connection: Keep-Alive
                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.4044.92 Safari/537.36
                                                                              Host: softmgr-stat.ludashi.com
                                                                              Content-Length: 288
                                                                              Cache-Control: no-cache
                                                                              Mar 2, 2024 09:27:58.677962065 CET | 279 | IN | HTTP/1.1 200 OK
                                                                              Date: Sat, 02 Mar 2024 08:27:58 GMT
                                                                              Content-Type: text/html; charset=UTF-8
                                                                              Transfer-Encoding: chunked
                                                                              Connection: keep-alive
                                                                              Vary: Accept-Encoding
                                                                              X-Powered-By: PHP/7.1.8
                                                                              Server: elb
                                                                              Mar 2, 2024 09:27:58.677980900 CET | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                              Data Ascii: 0



                                                                              Target ID:0
                                                                              Start time:09:27:52
                                                                              Start date:02/03/2024
                                                                              Path:C:\Users\user\Desktop\SecuriteInfo.com.FileRepPup.9888.7317.exe
                                                                              Wow64 process (32bit):true
                                                                              Commandline:C:\Users\user\Desktop\SecuriteInfo.com.FileRepPup.9888.7317.exe
                                                                              Imagebase:0x500000
                                                                              File size:5'187'472 bytes
                                                                              MD5 hash:3490DC6FE080B01509AE7ADF52D6F3D0
                                                                              Has elevated privileges:true
                                                                              Has administrator privileges:true
                                                                              Programmed in:C, C++ or other language
                                                                              Reputation:low
                                                                              Has exited:false


                                                                                Execution Graph

                                                                                Execution Coverage:8.5%
                                                                                Dynamic/Decrypted Code Coverage:0%
                                                                                Signature Coverage:15.4%
                                                                                Total number of Nodes:1142
                                                                                Total number of Limit Nodes:66
HttpAddRequestHeadersA HttpSendRequestW 47120->47122 47121->47115 47121->47116 47122->47117 47123 53406b 47122->47123 47175 5329c0 47123->47175 47125 53408f 47126 534097 47125->47126 47129 5341a3 ___scrt_fastfail 47125->47129 47255 5348c0 29 API calls SimpleUString::operator= 47126->47255 47128 5340b6 47128->47129 47131 54a950 2 API calls 47128->47131 47130 5341d0 HttpQueryInfoA 47129->47130 47132 5341f7 47130->47132 47133 534206 HttpQueryInfoA 47130->47133 47138 5340c3 47131->47138 47132->47133 47133->47117 47134 534285 47133->47134 47134->47117 47136 5342c5 ___scrt_fastfail 47134->47136 47256 587060 10 API calls __wsopen_s 47134->47256 47136->47117 47137 534312 InternetReadFile 47136->47137 47137->47117 47139 54a950 2 API calls 47138->47139 47142 534159 47138->47142 47140 53413c 47139->47140 47141 504ba0 21 API calls 47140->47141 47141->47142 47142->47129 47144 54cb20 47143->47144 47145 53f99e ___delayLoadHelper2@8 3 API calls 47144->47145 47145->47144 47147 533b82 ___scrt_fastfail 47146->47147 47149 533c45 PathFileExistsW 47147->47149 47150 533c01 47147->47150 47149->47150 47151 533c70 47149->47151 47150->47151 47262 58712a 3 API calls 3 library calls 47150->47262 47151->47072 47153 54cb20 47152->47153 47153->47152 47154 53f99e ___delayLoadHelper2@8 3 API calls 47153->47154 47154->47153 47156 54cb20 47155->47156 47157 53f99e ___delayLoadHelper2@8 3 API calls 47156->47157 47157->47156 47160 54cb20 47158->47160 47159 53f99e ___delayLoadHelper2@8 3 API calls 47159->47160 47160->47159 47162 5334be 47161->47162 47163 533599 47162->47163 47165 50be70 47162->47165 47163->47093 47166 54a950 2 API calls 47165->47166 47167 50beab 47166->47167 47168 54a950 2 API calls 47167->47168 47171 50bfab SimpleUString::operator= ctype 47167->47171 47169 50bf0f 47168->47169 47170 504ba0 21 API calls 47169->47170 47172 50bf27 47170->47172 47171->47163 47174 50a060 9 API calls __CxxThrowException@8 47172->47174 47174->47171 47176 54a950 2 API calls 47175->47176 47184 532a02 47176->47184 
47177 53335b 47178 54a950 2 API calls 47177->47178 47194 533360 47178->47194 47179 532b44 HttpQueryInfoW 47180 532c31 47179->47180 47181 532b78 47179->47181 47183 54a950 2 API calls 47180->47183 47182 54a950 2 API calls 47181->47182 47185 532b7d 47182->47185 47199 532c36 47183->47199 47186 54a950 2 API calls 47184->47186 47210 532a80 47184->47210 47189 532b94 GetLastError 47185->47189 47254 532c24 47185->47254 47187 532a66 47186->47187 47188 504ba0 21 API calls 47187->47188 47188->47210 47197 532bbd 47189->47197 47190 532e13 HttpQueryInfoW 47192 532e36 GetLastError 47190->47192 47204 532efc 47190->47204 47191 532d77 47193 54a950 2 API calls 47191->47193 47195 532e47 47192->47195 47192->47204 47217 532d7c 47193->47217 47196 54a950 2 API calls 47194->47196 47194->47254 47198 54a950 2 API calls 47195->47198 47200 5333c4 47196->47200 47201 54a950 2 API calls 47197->47201 47202 532e4c 47198->47202 47203 54a950 2 API calls 47199->47203 47238 532cd2 47199->47238 47205 504ba0 21 API calls 47200->47205 47207 532bee 47201->47207 47215 532e63 GetLastError 47202->47215 47202->47254 47208 532c9a 47203->47208 47206 54a950 2 API calls 47204->47206 47205->47254 47211 532f38 47206->47211 47212 504ba0 21 API calls 47207->47212 47209 504ba0 21 API calls 47208->47209 47213 532cb4 47209->47213 47210->47177 47210->47179 47216 533457 SimpleUString::operator= 47210->47216 47229 532fd2 47211->47229 47230 532f4e 47211->47230 47214 532c08 47212->47214 47259 50a060 9 API calls __CxxThrowException@8 47213->47259 47258 50a060 9 API calls __CxxThrowException@8 47214->47258 47222 532e88 47215->47222 47219 54a950 2 API calls 47217->47219 47217->47254 47223 532de0 47219->47223 47220 5330f8 HttpQueryInfoW 47224 533117 47220->47224 47225 5331df 47220->47225 47227 54a950 2 API calls 47222->47227 47228 504ba0 21 API calls 47223->47228 47226 54a950 2 API calls 47224->47226 47231 54a950 2 API calls 47225->47231 47245 53311c 47226->47245 47232 532eb9 47227->47232 47228->47254 47229->47220 47235 54a950 2 
API calls 47229->47235 47236 54a950 2 API calls 47230->47236 47230->47254 47244 5331e4 47231->47244 47233 504ba0 21 API calls 47232->47233 47234 532ed3 47233->47234 47260 50a060 9 API calls __CxxThrowException@8 47234->47260 47237 533028 47235->47237 47239 532f9f 47236->47239 47240 504ba0 21 API calls 47237->47240 47238->47190 47238->47191 47241 504ba0 21 API calls 47239->47241 47243 533042 47240->47243 47241->47254 47261 50a060 9 API calls __CxxThrowException@8 47243->47261 47246 54a950 2 API calls 47244->47246 47244->47254 47247 54a950 2 API calls 47245->47247 47245->47254 47249 533248 47246->47249 47250 533180 47247->47250 47251 504ba0 21 API calls 47249->47251 47252 504ba0 21 API calls 47250->47252 47251->47254 47252->47254 47253 533060 47253->47220 47254->47125 47255->47128 47256->47136 47257->47116 47258->47254 47259->47238 47260->47254 47261->47253 47262->47151 47675 50dba2 47676 50dba7 47675->47676 47683 50f5c8 SimpleUString::operator= 47676->47683 47721 54cd50 47676->47721 47678 50dd7d 47679 54a950 2 API calls 47678->47679 47680 50ddc4 47679->47680 47681 54a950 2 API calls 47680->47681 47693 50de5d 47680->47693 47682 50de3d 47681->47682 47684 504ba0 21 API calls 47682->47684 47685 50fd70 PathFileExistsW 47683->47685 47720 50e342 47683->47720 47684->47693 47686 50fdb2 47685->47686 47705 50fe22 SimpleUString::operator= 47685->47705 47759 554080 _wcsrchr _wcsrchr 47686->47759 47688 50fdbe 47689 50fdfc PathRemoveExtensionW 47688->47689 47688->47705 47689->47705 47690 50e2a4 47692 54a950 2 API calls 47690->47692 47691 50e42f 47725 50c160 47691->47725 47697 50e2a9 47692->47697 47693->47683 47693->47690 47693->47691 47695 50e443 47696 54a950 2 API calls 47695->47696 47706 50e4e9 47695->47706 47701 50e450 47696->47701 47698 54a950 2 API calls 47697->47698 47697->47720 47699 50e322 47698->47699 47700 504ba0 21 API calls 47699->47700 47700->47720 47702 54a950 2 API calls 47701->47702 47701->47706 47703 50e4c9 47702->47703 47704 504ba0 21 API calls 47703->47704 
47704->47706 47706->47683 47707 54a950 2 API calls 47706->47707 47712 50eb6b 47706->47712 47708 50ead2 47707->47708 47709 54a950 2 API calls 47708->47709 47708->47712 47710 50eb4b 47709->47710 47711 504ba0 21 API calls 47710->47711 47711->47712 47712->47683 47713 54a950 2 API calls 47712->47713 47714 50edd7 47713->47714 47715 54a950 2 API calls 47714->47715 47718 50ee74 47714->47718 47716 50ee50 47715->47716 47717 504ba0 21 API calls 47716->47717 47717->47718 47718->47683 47753 51ebc0 47718->47753 47722 54cda3 47721->47722 47724 54cecc SimpleUString::operator= 47722->47724 47760 54cb90 GetLastError 47722->47760 47724->47678 47726 54a950 2 API calls 47725->47726 47727 50c1af 47726->47727 47728 54a950 2 API calls 47727->47728 47733 50c243 47727->47733 47729 50c223 47728->47729 47730 504ba0 21 API calls 47729->47730 47730->47733 47731 50c3f0 47732 54a950 2 API calls 47731->47732 47736 50c3f5 47732->47736 47733->47731 47735 50c54d 47733->47735 47746 50c48e SimpleUString::operator= 47733->47746 47734 50c611 47737 54a950 2 API calls 47734->47737 47735->47734 47752 50c713 ctype ___scrt_fastfail 47735->47752 47738 54a950 2 API calls 47736->47738 47736->47746 47741 50c616 47737->47741 47739 50c46e 47738->47739 47740 504ba0 21 API calls 47739->47740 47740->47746 47742 54a950 2 API calls 47741->47742 47741->47746 47743 50c68f 47742->47743 47744 504ba0 21 API calls 47743->47744 47744->47746 47746->47695 47747 54a950 RtlEnterCriticalSection RtlLeaveCriticalSection 47747->47752 47748 50ca56 std::locale::_Init 47748->47752 47749 508f80 13 API calls 47749->47752 47750 50cf53 std::locale::_Init 47750->47752 47751 504ba0 21 API calls 47751->47752 47752->47746 47752->47747 47752->47748 47752->47749 47752->47750 47752->47751 47761 553110 15 API calls 47752->47761 47754 51ec0c ___scrt_fastfail 47753->47754 47755 51ed40 47754->47755 47756 51ec4e SHGetValueW 47754->47756 47755->47683 47756->47755 47757 51ec8d PathFileExistsW 47756->47757 47757->47755 47758 51eca2 47757->47758 
47758->47755 47759->47688 47760->47724 47761->47752 47263 53e7e0 47264 53e80a 47263->47264 47265 53e857 47263->47265 47266 53e8ea ___scrt_fastfail 47264->47266 47269 53dab0 47264->47269 47265->47266 47274 53da80 47265->47274 47270 53daba 47269->47270 47271 53dabe 47269->47271 47270->47265 47279 573d40 47271->47279 47273 53dacc 47273->47265 47275 53da8a 47274->47275 47276 53da8e 47274->47276 47275->47266 47335 56d6e0 47276->47335 47278 53da9c 47278->47266 47280 573d61 ___scrt_fastfail 47279->47280 47282 573d90 ___scrt_fastfail 47279->47282 47280->47282 47283 5725c0 47280->47283 47282->47273 47285 5725cd 47283->47285 47284 572735 47284->47282 47285->47284 47297 572cb0 47285->47297 47287 5725f7 ___scrt_fastfail 47287->47284 47303 572750 RtlEnterCriticalSection 47287->47303 47289 572625 47308 572970 47289->47308 47291 572699 47295 5726ab 47291->47295 47334 5727f0 GetProcAddress ___scrt_fastfail 47291->47334 47294 572727 47294->47284 47324 573980 47294->47324 47320 572e40 47295->47320 47298 572ccf ___scrt_fastfail 47297->47298 47302 572def 47297->47302 47299 572d00 SHGetValueA 47298->47299 47298->47302 47300 572d35 ___scrt_fastfail 47299->47300 47299->47302 47301 572e40 _strncat 47300->47301 47300->47302 47301->47302 47302->47287 47304 57278d 47303->47304 47305 572768 47303->47305 47307 5727d5 RtlLeaveCriticalSection 47304->47307 47306 572778 RtlLeaveCriticalSection 47305->47306 47306->47289 47307->47289 47309 572996 ___scrt_fastfail 47308->47309 47310 572b49 47308->47310 47309->47310 47311 5729af RegOpenKeyExA 47309->47311 47310->47291 47311->47310 47312 5729d7 RegEnumKeyExA 47311->47312 47313 572a10 RegOpenKeyExA 47312->47313 47314 572b38 RegCloseKey 47312->47314 47315 572b02 RegEnumKeyExA 47313->47315 47316 572a32 RegQueryValueExA 47313->47316 47314->47310 47315->47313 47315->47314 47317 572afa RegCloseKey 47316->47317 47319 572a76 ___scrt_fastfail 47316->47319 47317->47315 47318 572aa7 47318->47291 47319->47317 47319->47318 47321 572e6e ___scrt_fastfail 47320->47321 
47321->47321 47322 572f3d _strncat 47321->47322 47322->47321 47323 572f5b ___scrt_fastfail 47322->47323 47323->47294 47325 5739ab ___scrt_fastfail 47324->47325 47326 572e40 _strncat 47325->47326 47327 5739bd ___scrt_fastfail 47326->47327 47328 573a7d SHSetValueA 47327->47328 47329 573b1a SHSetValueA 47328->47329 47332 573abe 47328->47332 47331 573b53 47329->47331 47331->47284 47332->47329 47332->47332 47333 573afd SHSetValueA 47332->47333 47333->47329 47334->47295 47336 56d6ed 47335->47336 47337 56d704 47335->47337 47336->47337 47340 56d8f0 47336->47340 47337->47278 47338 56d7b0 47338->47278 47341 56d9f2 47340->47341 47342 56d922 47340->47342 47341->47338 47343 56d930 RtlEnterCriticalSection 47342->47343 47345 56d93a ___scrt_fastfail 47342->47345 47343->47345 47344 56d9eb RtlLeaveCriticalSection 47344->47341 47351 56d9ab 47345->47351 47352 56eb80 47345->47352 47348 56d984 47349 56d992 47348->47349 47350 56d98b RtlLeaveCriticalSection 47348->47350 47349->47338 47350->47349 47351->47341 47351->47344 47353 56ebb3 47352->47353 47356 56d960 47352->47356 47354 56ec51 47353->47354 47357 56e410 47353->47357 47356->47348 47356->47351 47363 56e446 47357->47363 47358 56e7fb 47359 56e810 RtlEnterCriticalSection 47358->47359 47361 56e882 47359->47361 47362 56e949 ___scrt_fastfail 47359->47362 47360 56e49e ___scrt_fastfail 47374 56e4e5 ctype 47360->47374 47430 56ec60 47360->47430 47367 56e89b 47361->47367 47380 56e8a7 __mbsinc std::_Stofx_v2 BuildCatchObjectHelperInternal 47361->47380 47369 56ea65 StrTrimA StrTrimA 47362->47369 47363->47358 47363->47360 47364 56e499 47363->47364 47377 56e4aa 47363->47377 47394 56fd60 47364->47394 47439 56e300 56 API calls 5 library calls 47367->47439 47368 56e53f 47368->47356 47373 56eab0 47369->47373 47370 56fd60 2 API calls 47370->47360 47440 56e360 56 API calls 5 library calls 47373->47440 47374->47368 47398 56f840 47374->47398 47375 56e8a2 RtlLeaveCriticalSection 47379 56eb67 47375->47379 47377->47360 47377->47370 47379->47356 47380->47375 
47381 56eb6b 47380->47381 47382 56e410 52 API calls 47381->47382 47383 56ebdd 47381->47383 47382->47383 47383->47356 47384 56e5c3 47384->47358 47393 56e5da 47384->47393 47405 56fce0 47384->47405 47388 56e729 47388->47393 47415 56fae0 47388->47415 47389 56e6a1 47389->47358 47392 56e676 47389->47392 47389->47393 47392->47388 47392->47393 47438 56f150 56 API calls 2 library calls 47392->47438 47393->47356 47395 56fdbd 47394->47395 47396 56fd8b 47394->47396 47395->47360 47397 56ec60 2 API calls 47396->47397 47397->47395 47441 56f790 47398->47441 47400 56f8bd ___scrt_fastfail 47402 56f8d8 RegQueryValueExW 47400->47402 47404 56f904 47400->47404 47401 56fa27 RegCloseKey 47403 56fa2e 47401->47403 47402->47404 47403->47384 47404->47401 47404->47403 47406 56fcf6 47405->47406 47411 56fd09 47405->47411 47448 5706c0 47406->47448 47410 56fcfc 47410->47411 47480 5701f0 56 API calls SimpleUString::operator= 47410->47480 47412 56fd2a 47411->47412 47460 571c30 47411->47460 47413 56e663 47412->47413 47465 56e810 RtlEnterCriticalSection 47412->47465 47413->47392 47437 56f150 56 API calls 2 library calls 47413->47437 47416 56f790 2 API calls 47415->47416 47417 56fb3c 47416->47417 47418 56fb6c 47417->47418 47424 56fb73 GetProcAddress 47417->47424 47428 56fbe6 47417->47428 47421 56fbf7 47418->47421 47422 56fbdf RegCloseKey 47418->47422 47418->47428 47419 56fc68 47419->47421 47423 56fc8b RegSetValueExW 47419->47423 47420 56fcce 47425 56fcb3 RegCloseKey 47421->47425 47426 56fcba 47421->47426 47422->47428 47423->47421 47424->47418 47427 56fb83 47424->47427 47425->47426 47426->47393 47427->47418 47428->47419 47428->47420 47428->47421 47429 56fc4b RegSetValueExW 47428->47429 47429->47419 47431 56ec92 ___scrt_fastfail 47430->47431 47433 56ecd6 GetProcAddress 47431->47433 47434 56ece9 47431->47434 47432 56ed1b GetProcAddress 47435 56ed22 ___scrt_fastfail 47432->47435 47433->47434 47434->47432 47436 56ef37 47434->47436 47435->47374 47436->47374 47437->47389 47438->47388 47439->47375 47442 56f7f7 
RegOpenKeyExW 47441->47442 47443 56f7aa 47441->47443 47445 56f7f0 47442->47445 47443->47442 47444 56f7af 47443->47444 47443->47445 47444->47400 47446 56f825 47445->47446 47447 56f816 RegCloseKey 47445->47447 47446->47400 47447->47446 47449 56f790 2 API calls 47448->47449 47458 570733 ___scrt_fastfail 47449->47458 47450 570a42 47450->47410 47451 570a3b RegCloseKey 47451->47450 47452 570770 RegEnumKeyExW 47453 5707a5 RegOpenKeyExW 47452->47453 47456 5709cf 47452->47456 47454 5707e6 RegQueryValueExW 47453->47454 47453->47458 47454->47458 47455 5709a2 RegCloseKey 47455->47458 47456->47450 47456->47451 47458->47452 47458->47455 47458->47456 47481 570ef0 47458->47481 47509 570a60 47458->47509 47464 571c70 ctype ___scrt_fastfail 47460->47464 47462 5720c9 47462->47412 47463 56fd60 2 API calls 47463->47464 47464->47462 47464->47463 47516 51e5b0 GetLastError 47464->47516 47466 56e882 47465->47466 47467 56e949 ___scrt_fastfail 47465->47467 47468 56e89b 47466->47468 47476 56e8a7 __mbsinc std::_Stofx_v2 BuildCatchObjectHelperInternal 47466->47476 47469 56ea65 StrTrimA StrTrimA 47467->47469 47517 56e300 56 API calls 5 library calls 47468->47517 47471 56eab0 47469->47471 47518 56e360 56 API calls 5 library calls 47471->47518 47472 56e8a2 RtlLeaveCriticalSection 47475 56eb67 47472->47475 47475->47413 47476->47472 47477 56eb6b 47476->47477 47478 56e410 52 API calls 47477->47478 47479 56ebdd 47477->47479 47478->47479 47479->47413 47480->47411 47482 56f790 2 API calls 47481->47482 47490 570f61 47482->47490 47483 570f80 RegEnumKeyExW 47484 570fb5 RegOpenKeyExW 47483->47484 47488 570f71 47483->47488 47487 570fe8 RegQueryValueExW 47484->47487 47484->47490 47485 5712bf 47485->47458 47486 5712bc RegCloseKey 47486->47485 47487->47490 47488->47485 47488->47486 47489 57108d RegCloseKey 47489->47490 47490->47483 47490->47488 47490->47489 47491 57106a StrCmpIW 47490->47491 47491->47490 47492 5710bc 47491->47492 47513 571330 RegQueryValueExW 47492->47513 47494 5710e4 47495 57124f 47494->47495 
47497 571104 RegQueryValueExW 47494->47497 47495->47488 47496 5712a9 RegCloseKey 47495->47496 47496->47488 47498 571174 47497->47498 47501 571141 47497->47501 47498->47495 47499 56f790 2 API calls 47498->47499 47502 5711b4 47499->47502 47500 571235 StrStrIW 47500->47495 47500->47498 47501->47498 47501->47500 47503 5711c2 RegQueryValueExW 47502->47503 47507 57122a 47502->47507 47505 5711f7 47503->47505 47503->47507 47504 5712a2 RegCloseKey 47504->47495 47506 571266 StrStrIW 47505->47506 47505->47507 47506->47507 47508 57127c StrStrIW 47506->47508 47507->47495 47507->47504 47508->47507 47510 570a96 47509->47510 47512 570ac2 47510->47512 47515 51e5b0 GetLastError 47510->47515 47512->47458 47514 571362 47513->47514 47514->47494 47515->47512 47516->47464 47517->47472 47766 53f5a0 47767 53f5aa 47766->47767 47768 53f99e ___delayLoadHelper2@8 3 API calls 47767->47768 47769 53f5b7 47768->47769 47519 55c861 47520 55ca7d 47519->47520 47525 55c869 _wcschr ___scrt_fastfail 47519->47525 47521 55ca68 47522 55c9fd FindNextFileW 47524 55ca18 47522->47524 47522->47525 47523 55c910 _wcsstr 47523->47525 47525->47521 47525->47522 47525->47523 47770 54c2a1 47778 54c2ad BuildCatchObjectHelperInternal 47770->47778 47771 54c407 ___security_init_cookie ___scrt_fastfail 47777 54c422 __scrt_common_main_seh 47771->47777 47772 54c330 ___scrt_release_startup_lock 47773 54c33e 47772->47773 47775 54c346 ___scrt_is_nonwritable_in_current_image 47773->47775 47776 54c351 47773->47776 47774 54c2fd 47775->47776 47779 54c36c ___scrt_is_nonwritable_in_current_image 47776->47779 47780 54c377 47776->47780 47778->47771 47778->47772 47778->47774 47779->47780 47785 527750 47780->47785 47782 54c399 47782->47771 47783 54c3a4 47782->47783 47784 54c3ad ___scrt_uninitialize_crt 47783->47784 47784->47774 47844 55c500 47785->47844 47787 52778c CoInitialize NtdllDefWindowProc_W 47789 5277ad ctype ___scrt_fastfail 47787->47789 47788 527f58 47789->47788 47790 527889 SHGetSpecialFolderPathW PathAppendW 47789->47790 
47849 54ac50 47790->47849 47792 5278bd 47856 503b40 47792->47856 47794 5278d8 47795 5278e0 47794->47795 47797 5279b6 ___scrt_fastfail 47794->47797 47796 54a950 2 API calls 47795->47796 47803 5278e5 47796->47803 47866 5405f0 47797->47866 47799 5279ec 47800 527a97 47799->47800 47801 5279f7 47799->47801 47871 528e50 47800->47871 47802 54a950 2 API calls 47801->47802 47813 5279fc 47802->47813 47805 54a950 2 API calls 47803->47805 47842 527976 47803->47842 47807 527956 47805->47807 47806 527aa4 47946 525830 47806->47946 47808 504ba0 21 API calls 47807->47808 47808->47842 47810 527aa9 47811 527ab1 47810->47811 47821 527b87 ___scrt_fastfail 47810->47821 47812 54a950 RtlEnterCriticalSection RtlLeaveCriticalSection 47811->47812 47817 527ab6 47812->47817 47814 54a950 2 API calls 47813->47814 47813->47842 47815 527a6d 47814->47815 47816 504ba0 21 API calls 47815->47816 47816->47842 47818 54a950 RtlEnterCriticalSection RtlLeaveCriticalSection 47817->47818 47817->47842 47819 527b27 47818->47819 47820 504ba0 21 API calls 47819->47820 47820->47842 47822 524fb0 RtlEnterCriticalSection RtlLeaveCriticalSection 47821->47822 47823 527bfa 47822->47823 47824 511360 23 API calls 47823->47824 47825 527c01 47824->47825 47826 524fb0 RtlEnterCriticalSection RtlLeaveCriticalSection 47825->47826 47827 527c6c 47826->47827 47828 510150 RtlEnterCriticalSection RtlLeaveCriticalSection 47827->47828 47829 527c73 47828->47829 47830 54a950 RtlEnterCriticalSection RtlLeaveCriticalSection 47829->47830 47834 527c78 47830->47834 47831 526850 RtlEnterCriticalSection 47832 527d5c 47831->47832 47833 524fb0 RtlEnterCriticalSection RtlLeaveCriticalSection 47832->47833 47835 527d66 47833->47835 47836 54a950 RtlEnterCriticalSection RtlLeaveCriticalSection 47834->47836 47843 527d09 47834->47843 47838 527d6d RtlEnterCriticalSection 47835->47838 47837 527ce9 47836->47837 47839 504ba0 21 API calls 47837->47839 47840 527dcf RtlLeaveCriticalSection 47838->47840 47841 527d87 47838->47841 47839->47843 47840->47842 
47841->47840 47842->47782 47843->47831 47846 55c532 47844->47846 47845 55c561 47845->47787 47846->47845 47955 55ca90 47846->47955 47850 54a950 2 API calls 47849->47850 47851 54ac58 47850->47851 47852 54ac79 47851->47852 47853 54a950 2 API calls 47851->47853 47852->47792 47854 54ac61 47853->47854 47969 54aa40 47854->47969 47857 503b62 ___scrt_fastfail 47856->47857 47858 503c0f 47856->47858 47859 503b90 PathFindFileNameW 47857->47859 47858->47794 47860 503ba8 47859->47860 47860->47858 47861 503bb4 GetLastError 47860->47861 47862 503bdc RtlEnterCriticalSection 47861->47862 47865 503bc1 47861->47865 47863 503bf2 47862->47863 47864 503c07 RtlLeaveCriticalSection 47863->47864 47864->47858 47865->47794 47867 540634 PathFileExistsW 47866->47867 47868 540650 ___scrt_fastfail 47866->47868 47867->47868 47869 540643 ___scrt_fastfail 47867->47869 47868->47799 47869->47868 47870 540875 CertGetNameStringW 47869->47870 47870->47868 47872 54a950 2 API calls 47871->47872 47873 528e9c 47872->47873 47874 54a950 2 API calls 47873->47874 47880 528f35 ___scrt_fastfail 47873->47880 47875 528f18 47874->47875 47876 504ba0 21 API calls 47875->47876 47876->47880 47877 529053 SHGetValueW PathAppendW PathFileExistsW 47878 5290bd ___scrt_fastfail 47877->47878 47881 52918e 47877->47881 47879 5290d7 SHGetValueW 47878->47879 47883 529110 47879->47883 47880->47877 47881->47881 47881->47883 47884 529e83 47881->47884 47883->47881 47987 528d40 28 API calls ___scrt_fastfail 47883->47987 47885 54a950 2 API calls 47884->47885 47886 529f83 47885->47886 47887 54a950 2 API calls 47886->47887 47892 529ff8 47886->47892 47888 529fde 47887->47888 47890 504ba0 21 API calls 47888->47890 47889 52a0fc 47999 52acb0 28 API calls 3 library calls 47889->47999 47890->47892 47892->47889 47894 52a131 47892->47894 47913 52ab57 47892->47913 47893 52a1a1 47895 52a22b 47893->47895 47899 52a1ba 47893->47899 47893->47913 47998 528d40 28 API calls ___scrt_fastfail 47894->47998 47898 52a2e9 47895->47898 47902 52a227 47895->47902 
47895->47913 47897 52a176 47897->47889 47904 52a3a0 47898->47904 47905 52a2e5 47898->47905 47898->47913 48000 528d40 28 API calls ___scrt_fastfail 47899->48000 47900 52920c 47900->47884 47988 528d40 28 API calls ___scrt_fastfail 47900->47988 47902->47895 48001 528d40 28 API calls ___scrt_fastfail 47902->48001 47907 52a39c 47904->47907 47904->47913 47905->47898 48002 528d40 28 API calls ___scrt_fastfail 47905->48002 47907->47904 48003 528d40 28 API calls ___scrt_fastfail 47907->48003 47910 5294e9 47910->47884 47989 528d40 28 API calls ___scrt_fastfail 47910->47989 47912 52a443 47912->47913 47916 52a4f5 47912->47916 48004 528d40 28 API calls ___scrt_fastfail 47912->48004 47915 529595 47915->47884 47990 528d40 28 API calls ___scrt_fastfail 47915->47990 47916->47913 47919 52a5a8 47916->47919 48005 528d40 28 API calls ___scrt_fastfail 47916->48005 47919->47913 47920 52a65b 47919->47920 48006 528d40 28 API calls ___scrt_fastfail 47919->48006 47920->47913 47923 52a715 47920->47923 48007 528d40 28 API calls ___scrt_fastfail 47920->48007 47923->47913 47926 52a7cf 47923->47926 48008 528d40 28 API calls ___scrt_fastfail 47923->48008 47925 52963a 47925->47884 47991 528d40 28 API calls ___scrt_fastfail 47925->47991 47926->47913 48009 528d40 28 API calls ___scrt_fastfail 47926->48009 47929 5296e5 47929->47884 47992 528d40 28 API calls ___scrt_fastfail 47929->47992 47931 52a887 47931->47913 48010 528d40 28 API calls ___scrt_fastfail 47931->48010 47933 529795 47933->47884 47993 528d40 28 API calls ___scrt_fastfail 47933->47993 47935 52a9c7 47935->47806 47935->47913 47936 52983a 47936->47884 47937 529986 47936->47937 47994 528d40 28 API calls ___scrt_fastfail 47936->47994 47937->47884 47940 529a6a 47937->47940 47995 528d40 28 API calls ___scrt_fastfail 47937->47995 47940->47884 47942 529b4a 47940->47942 47996 528d40 28 API calls ___scrt_fastfail 47940->47996 47942->47884 47944 529c2a 47942->47944 47997 528d40 28 API calls ___scrt_fastfail 47942->47997 47944->47884 47945 529dc2 
47944->47945 47945->47806 48011 524fb0 47946->48011 47958 55cb00 47955->47958 47957 55c54a 47957->47787 47959 55cb28 ___scrt_fastfail 47958->47959 47960 55cb78 PathRemoveFileSpecW 47959->47960 47961 55cba0 47960->47961 47962 55cbda PathCombineW 47961->47962 47967 55cc0c ___scrt_fastfail 47962->47967 47963 55ccc4 47963->47957 47964 55cca4 FindNextFileW 47965 55ccbc 47964->47965 47964->47967 47965->47957 47966 55cc3f PathCombineW 47966->47967 47967->47963 47967->47964 47967->47966 47968 55cc91 47967->47968 47968->47964 47970 54aa83 RtlEnterCriticalSection 47969->47970 47972 54aa8a ctype ___scrt_fastfail 47969->47972 47970->47972 47971 54aaf5 SimpleUString::operator= 47974 54ab5c PathFileExistsW 47971->47974 47972->47971 47978 549d90 47972->47978 47975 54ab72 47974->47975 47976 54ac23 SimpleUString::operator= 47975->47976 47977 54ac1c RtlLeaveCriticalSection 47975->47977 47976->47852 47977->47976 47982 549de2 47978->47982 47979 549f54 47980 549f90 47979->47980 47986 58712a 3 API calls 3 library calls 47979->47986 47980->47971 47982->47979 47983 549e2c 47982->47983 47984 549f18 GetLastError 47983->47984 47985 549f25 47983->47985 47984->47985 47985->47971 47986->47980 47987->47900 47988->47910 47989->47915 47990->47925 47991->47929 47992->47933 47993->47936 47994->47937 47995->47940 47996->47942 47997->47944 47998->47897 47999->47893 48000->47902 48001->47905 48002->47907 48003->47912 48004->47916 48005->47919 48006->47920 48007->47923 48008->47926 48009->47931 48010->47935 48012 525031 48011->48012 48013 524fdc RtlEnterCriticalSection 48011->48013 48016 511700 48012->48016 48014 525021 RtlLeaveCriticalSection 48013->48014 48015 524ff0 ctype 48013->48015 48014->48012 48015->48014 48017 54a950 2 API calls 48016->48017 48019 511745 48017->48019 48018 5118d3 PathFindFileNameW 48025 5118e7 48018->48025 48020 54a950 2 API calls 48019->48020 48024 5117de ___scrt_fastfail 48019->48024 48021 5117c1 48020->48021 48022 504ba0 21 API calls 48021->48022 48022->48024 48023 51232d 
SimpleUString::operator= 48024->48018 48024->48023 48025->48023 48026 54a950 2 API calls 48025->48026 48027 51195c 48026->48027 48028 54a950 2 API calls 48027->48028 48032 5119fd 48027->48032 48029 5119e0 48028->48029 48030 504ba0 21 API calls 48029->48030 48030->48032 48032->48023 48049 50fd70 PathFileExistsW 48032->48049 48037 511b80 48037->48023 48055 50a8c0 48037->48055 48050 50fdb2 48049->48050 48054 50fe22 SimpleUString::operator= 48049->48054 48061 554080 _wcsrchr _wcsrchr 48050->48061 48052 50fdbe 48053 50fdfc PathRemoveExtensionW 48052->48053 48052->48054 48053->48054 48054->48037 48062 51ee40 48055->48062 48057 50a91c 48058 50a92e 48057->48058 48060 50b60d SimpleUString::operator= 48057->48060 48071 51f120 GetProcAddress 48058->48071 48061->48052 48063 51ee67 ___scrt_fastfail 48062->48063 48064 51ee7a Netbios 48063->48064 48065 51eeac 48064->48065 48068 51eebe 48064->48068 48065->48057 48066 51ef13 ___scrt_fastfail 48069 51ef23 Netbios 48066->48069 48067 51eed0 Netbios 48067->48066 48067->48068 48068->48066 48068->48067 48070 51ef00 48068->48070 48069->48070 48070->48057 48071->48060 48072 5401a1 48073 540113 48072->48073 48074 53f99e ___delayLoadHelper2@8 3 API calls 48073->48074 48074->48073 48075 51cea9 CreateCompatibleDC CreateCompatibleBitmap SelectObject SetViewportOrgEx 48082 51d010 48075->48082 48076 51cf65 BitBlt SelectObject 48077 51cfa4 48076->48077 48078 51cf9d DeleteObject 48076->48078 48079 51cfa8 DeleteDC 48077->48079 48080 51cfaf 48077->48080 48078->48077 48079->48080 48083 51d03c 48082->48083 48085 51d04d 48083->48085 48089 53f2c0 48083->48089 48084 51d07d 48084->48076 48085->48084 48100 519dc0 48085->48100 48104 51a600 48085->48104 48090 53f300 48089->48090 48092 53f429 48089->48092 48091 54a950 2 API calls 48090->48091 48090->48092 48093 53f314 48091->48093 48092->48085 48093->48092 48094 54a950 2 API calls 48093->48094 48095 53f378 48094->48095 48096 504ba0 21 API calls 48095->48096 48097 53f392 SimpleUString::operator= 48096->48097 
48097->48092 48098 53f99e ___delayLoadHelper2@8 3 API calls 48097->48098 48099 53f4fc 48098->48099 48101 519dfd 48100->48101 48102 519dcd 48100->48102 48101->48085 48103 51a600 3 API calls 48102->48103 48103->48101 48105 51a611 48104->48105 48107 51a64c 48104->48107 48106 51a61d SetBkColor 48105->48106 48105->48107 48106->48107 48108 51a62f ExtTextOutW SetBkColor 48106->48108 48107->48085 48108->48107 48109 530b2d LoadImageW SendMessageW 48110 530b4d 48109->48110 48111 530ba7 48110->48111 48112 530000 2 API calls 48110->48112 48113 530b71 48112->48113 48120 53ec60 48113->48120 48115 530b78 48116 530000 2 API calls 48115->48116 48117 530b82 48116->48117 48124 53efa0 48117->48124 48119 530b89 48121 53ec7c 48120->48121 48123 53ec6e ctype ___scrt_fastfail 48120->48123 48122 5046f0 2 API calls 48121->48122 48121->48123 48122->48123 48123->48115 48125 53efb1 48124->48125 48128 53ee10 48125->48128 48127 53efc0 48127->48119 48129 53ee37 48128->48129 48131 53ee20 48128->48131 48129->48127 48130 53ef01 Shell_NotifyIconW 48130->48129 48132 53ef18 Shell_NotifyIconW 48130->48132 48131->48129 48131->48130 48131->48131 48132->48129 48133 5169af 48134 5169b8 EnumFontFamiliesW 48133->48134 48135 5169c9 48133->48135 48134->48135 48136 516a25 CreateFontW 48135->48136 48137 516a5e 48136->48137
                                                                                APIs
                                                                                • SHGetValueW.SHLWAPI(80000002,SOFTWARE\LuDaShi,Setup Path,00000001,?,?), ref: 00529094
                                                                                • PathAppendW.SHLWAPI(?,ComputerZ_CN.exe), ref: 005290A2
                                                                                • PathFileExistsW.SHLWAPI(?), ref: 005290AF
                                                                                • SHGetValueW.SHLWAPI(80000002,SOFTWARE\LuDaShi,VendorID,00000001,?,00000104), ref: 005290FE
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2885107662.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_500000_SecuriteInfo.jbxd
                                                                                Similarity
                                                                                • API ID: PathValue$AppendExistsFile
                                                                                • String ID: $(null)$--PID$--default_app$--for_cn_cmd$--for_inst_cmd$--for_tray_cmd$--inst_sign_patch$--no_msgbox$--no_tray_icon$--no_tray_menu$--skip_main$/DIR$/NOSOFTMGR$/NOSTART$/REPAIR$/RUN$/SKIPFIRSTPAGE$ComputerZ_CN.exe$Ludashi$SOFTWARE\LuDaShi$Setup Path$VendorID$[I]$d:\jenkins\.jenkins\workspace\master_lu\inst_ui\inst_ui\instcommandparser.cpp$ludashi$start init force cmd..$start init net ctrl cmd..
                                                                                • API String ID: 4080632766-1701007695
                                                                                • Opcode ID: aedab581b2a5d5739b489a7aa395135aaa48c871dc16c805bc0e1db2fd48635c
                                                                                • Instruction ID: db2c46c4ece728aed2d5dce878fa780699aac69e87e70102b4e615d3a8eb1f33
                                                                                • Opcode Fuzzy Hash: aedab581b2a5d5739b489a7aa395135aaa48c871dc16c805bc0e1db2fd48635c
                                                                                • Instruction Fuzzy Hash: B5E28E70A006199BEB10DF68CD89BAEBBB5FF85324F1442A9A415DB3D2DB34DE44CB50
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Control-flow Graph

                                                                                • Executed
                                                                                • Not Executed
                                                                                APIs
                                                                                • CoInitialize.OLE32(00000000), ref: 0052778E
                                                                                • NtdllDefWindowProc_W.NTDLL(00000000,00000000,00000000,00000000), ref: 0052779C
                                                                                • SHGetSpecialFolderPathW.SHELL32(00000000,?,0000001A,00000000), ref: 00527899
                                                                                • PathAppendW.SHLWAPI(?,downloader\downloader.log), ref: 005278AB
                                                                                  • Part of subcall function 005405F0: PathFileExistsW.SHLWAPI(0051FD44,A0E3A5EF,A0E3A5EF,?,?), ref: 00540635
                                                                                  • Part of subcall function 0054A950: RtlEnterCriticalSection.NTDLL(005F7AA4), ref: 0054A98D
                                                                                  • Part of subcall function 0054A950: RtlLeaveCriticalSection.NTDLL(005F7AA4), ref: 0054AA1C
                                                                                  • Part of subcall function 00504BA0: std::locale::_Init.LIBCPMT ref: 00504C85
                                                                                  • Part of subcall function 00507E20: __CxxThrowException@8.LIBVCRUNTIME ref: 005080BB
                                                                                  • Part of subcall function 005058C0: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00505931
                                                                                  • Part of subcall function 00526850: RtlEnterCriticalSection.NTDLL(005F76D0), ref: 005268AB
                                                                                  • Part of subcall function 00524FB0: RtlEnterCriticalSection.NTDLL(005CC2CC), ref: 00524FE1
                                                                                  • Part of subcall function 00524FB0: RtlLeaveCriticalSection.NTDLL(005CC2CC), ref: 00525026
                                                                                • RtlEnterCriticalSection.NTDLL(005F76D0), ref: 00527D77
                                                                                • RtlLeaveCriticalSection.NTDLL(005F76D0), ref: 00527DDA
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2885107662.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_500000_SecuriteInfo.jbxd
                                                                                Similarity
                                                                                • API ID: CriticalSection$Enter$LeavePath$AppendException@8ExistsFileFolderInitInitializeIos_base_dtorNtdllProc_SpecialThrowWindowstd::ios_base::_std::locale::_
                                                                                • String ID: (null)$8xZ$ThunderMissionDownloadingMutex$[I]$cmdline (by force cmd) : $d:\jenkins\.jenkins\workspace\master_lu\inst_ui\inst_ui\inst.cpp$downloader\downloader.log$err : CheckSign fail, quit$err : ReInitCommandByNet fail, quit$inf : Instance exist, quit$run$xzq$v_
                                                                                • API String ID: 2026139407-1112718861
                                                                                • Opcode ID: 34d1d4f6e19a9bda88651504c5c0dc938b0e7911bc9359a8358977b708abf7f0
                                                                                • Instruction ID: b749c1c51fa989bce730dbd0a57bb59042681b8a23813e703008ca03e83d234a
                                                                                • Opcode Fuzzy Hash: 34d1d4f6e19a9bda88651504c5c0dc938b0e7911bc9359a8358977b708abf7f0
                                                                                • Instruction Fuzzy Hash: E112A570A002299FEB20EF60DC5AFAE7BA5BF95700F0005A4F509A71D1EB759E94CF91
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Control-flow Graph

                                                                                • Executed
                                                                                • Not Executed
                                                                                APIs
                                                                                • PathRemoveFileSpecW.SHLWAPI(?,?,00000000,?,00000104), ref: 0055CB7F
                                                                                • PathCombineW.SHLWAPI(?,?,*.dll,?,00000104), ref: 0055CBF6
                                                                                • PathCombineW.SHLWAPI(?,?,?,?,?,75B07350,?,?), ref: 0055CC57
                                                                                • FindNextFileW.KERNEL32(00000000,FFFFFFEF,?,75B07350,?,?), ref: 0055CCAC
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2885107662.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_500000_SecuriteInfo.jbxd
                                                                                Similarity
                                                                                • API ID: Path$CombineFile$FindNextRemoveSpec
                                                                                • String ID: *.dll$C:\Windows\system32$`\$c:\users\user\desktop$h\
                                                                                • API String ID: 2383364361-3895805942
                                                                                • Opcode ID: 4e72ef0f3d67071ee2515ff559b241020210d8b5e85150a30f9d862f1961b5da
                                                                                • Instruction ID: c25a4f7d226119dd55b013129fa259a6de0cb0c4dc795c69bb04cbcd01005632
                                                                                • Opcode Fuzzy Hash: 4e72ef0f3d67071ee2515ff559b241020210d8b5e85150a30f9d862f1961b5da
                                                                                • Instruction Fuzzy Hash: EB41CBB190031D6ADB20DB50DC49FEA7BBCBF44700F4045B6AA59E7181EB70AE498F55
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Control-flow Graph

                                                                                • Executed
                                                                                • Not Executed
                                                                                APIs
                                                                                • _wcsrchr.LIBVCRUNTIME ref: 0055CDC0
                                                                                • _wcsstr.LIBVCRUNTIME ref: 0055CE17
                                                                                • _wcsstr.LIBVCRUNTIME ref: 0055CE5B
                                                                                • StrStrIW.SHLWAPI(?,C:\Windows\system32), ref: 0055CE77
                                                                                • NtOpenFile.NTDLL(?,?,?,?,?,?), ref: 0055CFCF
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2885107662.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_500000_SecuriteInfo.jbxd
                                                                                Similarity
                                                                                • API ID: _wcsstr$FileOpen_wcsrchr
                                                                                • String ID: .dll$C:\Windows\system32$c:\users\user\desktop
                                                                                • API String ID: 3482954447-271662428
                                                                                • Opcode ID: b4c04c1eb91328975984e50f58c235c598288002dcd88cd5ef04e7d48d6bf699
                                                                                • Instruction ID: fdc9d37ff7b9e011d57058f2cbb4a6c1a4fb2ab2bec5dad8a53481d9e8b3cca1
                                                                                • Opcode Fuzzy Hash: b4c04c1eb91328975984e50f58c235c598288002dcd88cd5ef04e7d48d6bf699
                                                                                • Instruction Fuzzy Hash: D04196B1A4030D6FDB20DB64CC4AFAA7BAEBF44714F104156BA18E7181DBB4ED589B60
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2885107662.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_500000_SecuriteInfo.jbxd
                                                                                Similarity
                                                                                • API ID: FileFindNext_wcschr_wcsstr
                                                                                • String ID: %s%s*$\WinSxS\
                                                                                • API String ID: 2184547985-1650559862
                                                                                • Opcode ID: 3944e9c34c39ad4ef1c9866aebaebf62796330cad9841b16180c9a447400d76b
                                                                                • Instruction ID: 4a80e35ae43a6161cc7dae66e7c7026fb94860d7c655cc24eb78936481d0d18f
                                                                                • Opcode Fuzzy Hash: 3944e9c34c39ad4ef1c9866aebaebf62796330cad9841b16180c9a447400d76b
                                                                                • Instruction Fuzzy Hash: 8E5154B2D0162D5AEB20DB64CC95BEEBBB8BB44311F0041E6E94DE6142EB745F858F50
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2885107662.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                                                • Associated: 00000000.00000002.2885060160.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.2885230138.00000000005A5000.00000002.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.2885301699.00000000005CC000.00000004.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.2885301699.00000000005D8000.00000004.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.2885301699.00000000005DB000.00000004.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.2885301699.00000000005DF000.00000004.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.2885301699.00000000005EA000.00000004.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.2885557605.00000000005FA000.00000020.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.2885628884.000000000061E000.00000004.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.2885661460.0000000000624000.00000020.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.2886659998.0000000000D1E000.00000002.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.2886659998.0000000000D60000.00000002.00000001.01000000.00000003.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_500000_SecuriteInfo.jbxd
                                                                                Similarity
                                                                                • API ID: ErrorLast
                                                                                • String ID: \\.\PhysicalDrive%d$cV$cV
                                                                                • API String ID: 1452528299-2396578468
                                                                                • Opcode ID: e3525c73c359f7e644a8c953c487b9fe6f331b20b3822ff9803a0fd8cf65aefc
                                                                                • Instruction ID: 12201da5cf18c71e6188eefe47d66677b9c237d812edd2af3d6af0af2c0cdd05
                                                                                • Opcode Fuzzy Hash: e3525c73c359f7e644a8c953c487b9fe6f331b20b3822ff9803a0fd8cf65aefc
                                                                                • Instruction Fuzzy Hash: 2BA1C7B1D006199BEB30DB69DD49BA9BBB8FF40314F1482A5E91CA7282D7309E84DF54
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • CreateToolhelp32Snapshot.KERNEL32(00000004,00000000), ref: 0055DA20
                                                                                • Thread32First.KERNEL32(00000000,?), ref: 0055DA4E
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2885107662.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                                                Similarity
                                                                                • API ID: CreateFirstSnapshotThread32Toolhelp32
                                                                                • String ID:
                                                                                • API String ID: 490256885-0
                                                                                • Opcode ID: b6920fc1aa56dd9a1fea7860ac9ca9e5ca05a1cafe4d9782b0ddfb3cc092a44f
                                                                                • Instruction ID: 3c9a0b9ba9bc416fa3046767f45efcdf0493f8cd16274ef300cda883ffdd8a22
                                                                                • Opcode Fuzzy Hash: b6920fc1aa56dd9a1fea7860ac9ca9e5ca05a1cafe4d9782b0ddfb3cc092a44f
                                                                                • Instruction Fuzzy Hash: BC01B1B594021AAADB20BBB48C99ABF7A7DFF80351F0001A5B814D2142DB788C44D931
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • URLDownloadToCacheFileW.URLMON(00000000,?,?,00000104,00000000,00000000), ref: 0053DB97
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2885107662.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                                                Similarity
                                                                                • API ID: CacheDownloadFile
                                                                                • String ID:
                                                                                • API String ID: 2268457997-0
                                                                                • Opcode ID: 65636a457da081c2fb9570c1b23f01cdd6f54c5188ab3df7b631955a0c09926c
                                                                                • Instruction ID: a171ac8afce094c65379adf7e6417052f784a9148feff4dcf51ae3703ab7bdca
                                                                                • Opcode Fuzzy Hash: 65636a457da081c2fb9570c1b23f01cdd6f54c5188ab3df7b631955a0c09926c
                                                                                • Instruction Fuzzy Hash: 5221DD75A00219ABDB20DF21ED51FABBBBCFF85B00F4541AAB90597280D774AD40CAA4
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2885107662.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 30fae5687c88912f814cc4291fae7154d994058040627dc2d75fb5e61a320183
                                                                                • Instruction ID: 28290bdca3b15d17b0973741ca94c14e568e345e5e52e9e43c1e49643eeba96a
                                                                                • Opcode Fuzzy Hash: 30fae5687c88912f814cc4291fae7154d994058040627dc2d75fb5e61a320183
                                                                                • Instruction Fuzzy Hash: 4611617690461AAAEB21DF29D840ADAFBE8FF48360B10C56AFC29C7600D734D951CB90
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2885107662.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 859fd2a735f37e3199809ffff8f55f0bc1189441cd94867afa26945401ab52a5
                                                                                • Instruction ID: 340b0c063cd42b891e6f6f68c1e0186a7ebadfd4e4be6fa6668914ae76c58c0d
                                                                                • Opcode Fuzzy Hash: 859fd2a735f37e3199809ffff8f55f0bc1189441cd94867afa26945401ab52a5
                                                                                • Instruction Fuzzy Hash: 02015E35E0021CDBDB00DFA58881AEDBBB9EF99314F55816AE808B3101D670AE848B90
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • PathFileExistsW.SHLWAPI(?,A0E3A5EF), ref: 0050FDA4
                                                                                • PathRemoveExtensionW.SHLWAPI(?), ref: 0050FE10
                                                                                  • Part of subcall function 0054A950: RtlEnterCriticalSection.NTDLL(005F7AA4), ref: 0054A98D
                                                                                  • Part of subcall function 0054A950: RtlLeaveCriticalSection.NTDLL(005F7AA4), ref: 0054AA1C
                                                                                  • Part of subcall function 00504BA0: std::locale::_Init.LIBCPMT ref: 00504C85
                                                                                  • Part of subcall function 005058C0: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00505931
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2885107662.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                                                Similarity
                                                                                • API ID: CriticalPathSection$EnterExistsExtensionFileInitIos_base_dtorLeaveRemovestd::ios_base::_std::locale::_
                                                                                • String ID: /S --no_tray_icon --skip_main$"%s"$%s $&$(^Z$(^Z$(^Z$(^Z$(^Z$(^Z$(^Z$(^Z$(^Z$(^Z$(null)$70e489bf-a8ba-460f-9c42-567695d37140$D]Z$P]Z$[I]$\]Z$d:\jenkins\.jenkins\workspace\master_lu\inst_ui\inst_ui\common\downloader_cfg.cc$downloader cfg json invaild!$downloader cfg url valid : $h]Z$inf : de json $p]Z$parse downloader cfg dependence files invaild!$softid$sourceid$t]Z$thunder_url_:$webid$|]Z$]Z$]Z]Z
                                                                                • API String ID: 1648000983-1104904478
                                                                                • Opcode ID: aae1d07dfdd6bad48cd2a4c3f71f01339aa983c29504c6935d1d6cd3bbe17449
                                                                                • Instruction ID: 1be258593111579abdaa8125325f8389339f531b52d8f935d88f24b0280a9c5d
                                                                                • Opcode Fuzzy Hash: aae1d07dfdd6bad48cd2a4c3f71f01339aa983c29504c6935d1d6cd3bbe17449
                                                                                • Instruction Fuzzy Hash: E523D53090065A9FEB24DB28CC9DB9DBBB5BF85304F1442E9E409A72D2DB759E84CF50
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                  • Part of subcall function 0054A950: RtlEnterCriticalSection.NTDLL(005F7AA4), ref: 0054A98D
                                                                                  • Part of subcall function 0054A950: RtlLeaveCriticalSection.NTDLL(005F7AA4), ref: 0054AA1C
                                                                                • SHGetValueW.SHLWAPI(80000002,SOFTWARE\LuDaShi,Setup Path,00000001,?,?), ref: 00529094
                                                                                • PathAppendW.SHLWAPI(?,ComputerZ_CN.exe), ref: 005290A2
                                                                                • PathFileExistsW.SHLWAPI(?), ref: 005290AF
                                                                                • SHGetValueW.SHLWAPI(80000002,SOFTWARE\LuDaShi,VendorID,00000001,?,00000104), ref: 005290FE
                                                                                  • Part of subcall function 00504BA0: std::locale::_Init.LIBCPMT ref: 00504C85
                                                                                  • Part of subcall function 005058C0: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00505931
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2885107662.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                                                Similarity
                                                                                • API ID: CriticalPathSectionValue$AppendEnterExistsFileInitIos_base_dtorLeavestd::ios_base::_std::locale::_
                                                                                • String ID: $(null)$--PID$--default_app$--for_cn_cmd$--for_inst_cmd$--for_tray_cmd$--inst_sign_patch$--no_msgbox$--no_tray_icon$--no_tray_menu$--skip_main$/DIR$/NOSOFTMGR$/NOSTART$/REPAIR$/RUN$/SKIPFIRSTPAGE$ComputerZ_CN.exe$Ludashi$SOFTWARE\LuDaShi$Setup Path$VendorID$[I]$d:\jenkins\.jenkins\workspace\master_lu\inst_ui\inst_ui\instcommandparser.cpp$ludashi$start init force cmd..$start init net ctrl cmd..
                                                                                • API String ID: 1728791583-1701007695
                                                                                • Opcode ID: 65195c23e0b149186d00b80d31ebc4fba87f53be266089109727069a2f8648d8
                                                                                • Instruction ID: 20cd63025b672bddb58ebea5c560ad23886ae8b67783c4f42bf9b2508e904c0f
                                                                                • Opcode Fuzzy Hash: 65195c23e0b149186d00b80d31ebc4fba87f53be266089109727069a2f8648d8
                                                                                • Instruction Fuzzy Hash: CCE29FB0A0061A9BEB10DF68CD89BADBBB4FF85314F1442A9A515DB3D2DB34DE44CB50
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • RegEnumKeyExW.KERNEL32(00000000,00000000,?,00000104,00000000,00000000,00000000,?,?,80000002,SYSTEM\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002BE10318},00000008,75A8EB20,00000000), ref: 00570FA7
                                                                                • RegOpenKeyExW.KERNEL32(00000000,?,00000000,00000001,?), ref: 00570FDA
                                                                                • RegQueryValueExW.KERNEL32(?,NetCfgInstanceId,00000000,?,?,?), ref: 00571027
                                                                                • RegCloseKey.ADVAPI32(?), ref: 0057108E
                                                                                • RegCloseKey.ADVAPI32(00000000), ref: 005712BD
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2885107662.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_500000_SecuriteInfo.jbxd
                                                                                Similarity
                                                                                • API ID: Close$EnumOpenQueryValue
                                                                                • String ID: BusType$DriverDesc$LowerRange$NDI\Interfaces$NetCfgInstanceId$SYSTEM\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002BE10318}$Wireless$vwifi$wlan
                                                                                • API String ID: 2376581753-339742451
                                                                                • Opcode ID: f442c26ff955fc2fb4cf88a7bc1374ea9b37c4147c7ce4b2e1ad7c81e5385403
                                                                                • Instruction ID: 220825a5e544062ea000f62291338e3ec561b4f6030aa665ec9a2de71c65dbef
                                                                                • Opcode Fuzzy Hash: f442c26ff955fc2fb4cf88a7bc1374ea9b37c4147c7ce4b2e1ad7c81e5385403
                                                                                • Instruction Fuzzy Hash: 83A12E74A016289BEB20CF19DC48BEABBB9BF94700F0041D5E90DE7241DB759E94DF54
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • InternetOpenW.WININET(00000000,00000000,00000000,00000000), ref: 00533CF1
                                                                                • InternetConnectW.WININET(?,?,?,00000000,00000000,00000003,00000000,00000000), ref: 00533DC4
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2885107662.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_500000_SecuriteInfo.jbxd
                                                                                Similarity
                                                                                • API ID: Internet$ConnectOpen
                                                                                • String ID: 0ZZ$<ZZ$P$[I]$d:\jenkins\.jenkins\workspace\master_lu\inst_ui\inst_ui\net\wininet_tttp.cc$send redirect url fail
                                                                                • API String ID: 2790792615-2604422442
                                                                                • Opcode ID: 3069b4bf37b3302095fb763f76761bde9132a549e37e8f06131c74ba84356044
                                                                                • Instruction ID: ee49b3c7f9e55a68795507ac7f5e3459810dd0530c55a4595606da5666a6d24a
                                                                                • Opcode Fuzzy Hash: 3069b4bf37b3302095fb763f76761bde9132a549e37e8f06131c74ba84356044
                                                                                • Instruction Fuzzy Hash: 3552B1719002599BDF24DF64CC89BEEBFB5BF45304F5041A8E809A72D2EB74AA84CF51
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • RegEnumKeyExW.KERNEL32(00000000,00000000,00000010,00000104,00000000,00000000,00000000,00000000), ref: 005173CC
                                                                                • RegOpenKeyExW.KERNEL32(?,00000010,00000000,00020019,?), ref: 0051742D
                                                                                • RegQueryValueExW.KERNEL32(00000000,0140C060,00000000,00000001,?,?), ref: 00517484
                                                                                • PathUnquoteSpacesW.SHLWAPI(?), ref: 00517491
                                                                                • PathAppendW.SHLWAPI(?,005F73F0), ref: 005174A6
                                                                                • RegCloseKey.ADVAPI32(00000000), ref: 005174B2
                                                                                • PathFindFileNameW.SHLWAPI(?), ref: 005174BF
                                                                                • PathFileExistsW.SHLWAPI(?), ref: 00517741
                                                                                • RegEnumKeyExW.KERNEL32(?,00000000,00000010,00000104,00000000,00000000,00000000,00000000), ref: 0051782A
                                                                                • RegOpenKeyExW.KERNEL32(80000002,005113C4,00000000,00020019,A0E3A5EF,SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall,A0E3A5EF,?,?,?,?,?,?,?,00000000,0059E488), ref: 005179B9
                                                                                Strings
                                                                                • 70e489bf-a8ba-460f-9c42-567695d37140, xrefs: 0051761D, 005176C3
                                                                                • SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall, xrefs: 00517988
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2885107662.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_500000_SecuriteInfo.jbxd
                                                                                Similarity
                                                                                • API ID: Path$EnumFileOpen$AppendCloseExistsFindNameQuerySpacesUnquoteValue
                                                                                • String ID: 70e489bf-a8ba-460f-9c42-567695d37140$SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
                                                                                • API String ID: 1551688290-1520585418
                                                                                • Opcode ID: 4b79be83c569f86b8f32b02737e06b6c3950795b4f3b5000b7cc40f4f70a53e7
                                                                                • Instruction ID: be4dc5814e990fb2322f92182cd3b27ad38e0003d7e8764f8d29c05b66f2680a
                                                                                • Opcode Fuzzy Hash: 4b79be83c569f86b8f32b02737e06b6c3950795b4f3b5000b7cc40f4f70a53e7
                                                                                • Instruction Fuzzy Hash: 7D22A27190460A9FEB10DF68CC88BA9BBF8FF48310F1485A9E459D7291DB749E84CF90
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • GetProcAddress.KERNEL32(00000000), ref: 0051E890
                                                                                • GetNativeSystemInfo.KERNEL32(?), ref: 0051E8B0
                                                                                • GetProcAddress.KERNEL32(00000000), ref: 0051E8E3
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2885107662.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_500000_SecuriteInfo.jbxd
                                                                                Similarity
                                                                                • API ID: AddressProc$InfoNativeSystem
                                                                                • String ID: %d.%d.%d.%d$GetNativeSystemInfo$IsWow64Process2$RtlGetNtVersionNumbers$\StringFileInfo\%04x%04x\FileVersion$\VarFileInfo\Translation$kernel32$kernel32.dll
                                                                                • API String ID: 3947342885-1803615025
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Control-flow Graph

                                                                                APIs
                                                                                • RegOpenKeyExW.KERNEL32(80000002,005113C4,00000000,00020019,A0E3A5EF,SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall,A0E3A5EF,?,?,?,?,?,?,?,00000000,0059E488), ref: 005179B9
                                                                                • RegCloseKey.ADVAPI32(00000000,00000000,00000000,?,?,?,?,?,00000000,0059E488,000000FF,?,005113C4), ref: 005179F1
                                                                                • GetProcAddress.KERNEL32(00000000), ref: 00517A20
                                                                                • GetProcAddress.KERNEL32(00000000), ref: 00517A73
                                                                                • RegOpenKeyExW.KERNEL32(80000002,005113C4,00000000,00020119,00000000,00000000,00000000,?,?,?,?,?,00000000,0059E488,000000FF), ref: 00517AE7
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2885107662.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_500000_SecuriteInfo.jbxd
                                                                                Similarity
                                                                                • API ID: AddressOpenProc$Close
                                                                                • String ID: GetNativeSystemInfo$IsWow64Process2$SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall$kernel32$kernel32.dll
                                                                                • API String ID: 550205989-3256748076
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Control-flow Graph

                                                                                APIs
                                                                                • SHGetValueW.SHLWAPI(80000002,SOFTWARE\Ludashi,005A5E28,?,?,00000208), ref: 0051EC7F
                                                                                • PathFileExistsW.SHLWAPI(?), ref: 0051EC94
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2885107662.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_500000_SecuriteInfo.jbxd
                                                                                Similarity
                                                                                • API ID: ExistsFilePathValue
                                                                                • String ID: %d.%d.%d.%d$GetNativeSystemInfo$IsWow64Process2$SOFTWARE\Ludashi$\StringFileInfo\%04x%04x\FileVersion$\VarFileInfo\Translation$kernel32$kernel32.dll$ntdll.dll
                                                                                • API String ID: 3304367237-2673207411
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Control-flow Graph

                                                                                APIs
                                                                                • GetProcAddress.KERNEL32(00000000,RegCreateKeyTransactedW), ref: 0056FB79
                                                                                • RegCloseKey.ADVAPI32(00000000), ref: 0056FBE0
                                                                                • RegSetValueExW.ADVAPI32(00000000,m2_old,00000000,00000001,?,00000000), ref: 0056FC62
                                                                                • RegSetValueExW.KERNEL32(00000000,005B3718,00000000,00000001,?,00000000,80000002,00000202,A0E3A5EF), ref: 0056FCA2
                                                                                • RegCloseKey.ADVAPI32(00000000,?,00000000,80000002,00000202,A0E3A5EF), ref: 0056FCB4
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2885107662.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_500000_SecuriteInfo.jbxd
                                                                                Similarity
                                                                                • API ID: CloseValue$AddressProc
                                                                                • String ID: Advapi32.dll$RegCreateKeyTransactedW$]V$]V$m2_old
                                                                                • API String ID: 4281724321-2816614704
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Control-flow Graph

                                                                                APIs
                                                                                • GetProcAddress.KERNEL32(00000000), ref: 0051E890
                                                                                • GetNativeSystemInfo.KERNEL32(?), ref: 0051E8B0
                                                                                • GetProcAddress.KERNEL32(00000000), ref: 0051E8E3
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2885107662.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_500000_SecuriteInfo.jbxd
                                                                                Similarity
                                                                                • API ID: AddressProc$InfoNativeSystem
                                                                                • String ID: %d.%d.%d.%d$GetNativeSystemInfo$IsWow64Process2$\StringFileInfo\%04x%04x\FileVersion$\VarFileInfo\Translation$kernel32$kernel32.dll
                                                                                • API String ID: 3947342885-1705451186
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Control-flow Graph

                                                                                APIs
                                                                                  • Part of subcall function 0054A950: RtlEnterCriticalSection.NTDLL(005F7AA4), ref: 0054A98D
                                                                                  • Part of subcall function 0054A950: RtlLeaveCriticalSection.NTDLL(005F7AA4), ref: 0054AA1C
                                                                                • PathFindFileNameW.SHLWAPI(?,?,?,00000104), ref: 005118DA
                                                                                  • Part of subcall function 00504BA0: std::locale::_Init.LIBCPMT ref: 00504C85
                                                                                  • Part of subcall function 005058C0: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00505931
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2885107662.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_500000_SecuriteInfo.jbxd
                                                                                Similarity
                                                                                • API ID: CriticalSection$EnterFileFindInitIos_base_dtorLeaveNamePathstd::ios_base::_std::locale::_
                                                                                • String ID: [net] download url : $[net] downloader net cmd : $(null)$[I]$cur file name : $d:\jenkins\.jenkins\workspace\master_lu\inst_ui\inst_ui\common\downloader_cfg.cc$inf : cfg init ret ? $inf : init downloader cfg
                                                                                • API String ID: 2629817319-3533714317
                                                                                • Opcode ID: d7528bc698c4e97023a4ddc26352cf805ed31e8aaa1cd901d341aef3b2a64ca1
                                                                                • Instruction ID: abad300387573cb62c938ddd4f8eb3cda1cff81afd8592eefc970a3ef986d339
                                                                                • Opcode Fuzzy Hash: d7528bc698c4e97023a4ddc26352cf805ed31e8aaa1cd901d341aef3b2a64ca1
                                                                                • Instruction Fuzzy Hash: D1429070A016199BEB24DB24CC8DBEDBBB5BF85304F1442D8E509AB2D2DB749E84CF51
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • RegEnumKeyExW.KERNEL32(00000000,00000000,?,00000104,00000000,00000000,00000000,?,SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkCards,00000008,A0E3A5EF,?,?), ref: 00570797
                                                                                • RegOpenKeyExW.KERNEL32(00000000,?,00000000,00000001,?), ref: 005707CE
                                                                                • RegQueryValueExW.KERNEL32(?,ServiceName,00000000,?,?,?), ref: 00570819
                                                                                • RegCloseKey.ADVAPI32(?), ref: 005709A3
                                                                                  • Part of subcall function 00570EF0: RegCloseKey.ADVAPI32(00000000), ref: 005712BD
                                                                                • RegCloseKey.ADVAPI32(00000000,80000002,SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkCards,00000008,A0E3A5EF,?,?), ref: 00570A3C
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2885107662.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_500000_SecuriteInfo.jbxd
                                                                                Similarity
                                                                                • API ID: Close$EnumOpenQueryValue
                                                                                • String ID: SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkCards$ServiceName$cV$cV
                                                                                • API String ID: 2376581753-424008691
                                                                                • Opcode ID: 77843fe9bf1b47099af9d220ec4c3a6b817033a90647729f55597b088e93039c
                                                                                • Instruction ID: 8e42a71f5cd90e52a7a11f76bc669daa8220c1a75d48e8a17f989e876b497e17
                                                                                • Opcode Fuzzy Hash: 77843fe9bf1b47099af9d220ec4c3a6b817033a90647729f55597b088e93039c
                                                                                • Instruction Fuzzy Hash: 23A17E71900658DAEF21CB64DC48BEABBB8BB41305F1451E9E94CE71C1E771AE88DF50
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • RegOpenKeyExA.KERNEL32(80000002,SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkCards,00000000,00000008,?,?,?,?), ref: 005729CD
                                                                                • RegEnumKeyExA.KERNEL32(?,00000000,?,00000104,00000000,00000000,00000000,00000000,?,?), ref: 005729FC
                                                                                • RegOpenKeyExA.KERNEL32(?,?,00000000,00000001,?,?,?), ref: 00572A28
                                                                                • RegQueryValueExA.KERNEL32(?,ServiceName,00000000,00000001,?,?,?,?), ref: 00572A68
                                                                                • RegCloseKey.ADVAPI32(?,?,?), ref: 00572B00
                                                                                • RegEnumKeyExA.KERNEL32(?,00000001,?,00000104,00000000,00000000,00000000,00000000,?,?), ref: 00572B2A
                                                                                • RegCloseKey.ADVAPI32(?,?,?), ref: 00572B3E
                                                                                Strings
                                                                                • ServiceName, xrefs: 00572A5D
                                                                                • SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkCards, xrefs: 005729C3
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2885107662.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_500000_SecuriteInfo.jbxd
                                                                                Similarity
                                                                                • API ID: CloseEnumOpen$QueryValue
                                                                                • String ID: SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkCards$ServiceName
                                                                                • API String ID: 2548805652-1795789498
                                                                                • Opcode ID: c2e8fe4c676c69e36fbc6a4aeebecfa2083b4d4d9d2ddb3ee835520efcd7e24b
                                                                                • Instruction ID: d4cb1c78b39bc4b140ed6511b60e1d308bdb563095b189c87f02bb68c0e5e524
                                                                                • Opcode Fuzzy Hash: c2e8fe4c676c69e36fbc6a4aeebecfa2083b4d4d9d2ddb3ee835520efcd7e24b
                                                                                • Instruction Fuzzy Hash: C9516371A0025DAAEB20DF61DC89FDABBBDBB44700F1041EAA90CF7151DA709E44DF50
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • PeekMessageW.USER32(?,00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000), ref: 00526BC0
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2885107662.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_500000_SecuriteInfo.jbxd
                                                                                Similarity
                                                                                • API ID: MessagePeek
                                                                                • String ID: (null)$8xZ$Create Main Wnd and show$Silent mode$[I]$d:\jenkins\.jenkins\workspace\master_lu\inst_ui\inst_ui\inst.cpp
                                                                                • API String ID: 2222842502-3119137271
                                                                                • Opcode ID: a5c2ee24d008a5c49332f06201f638058d986396915df6ad1e9abec375d1d6da
                                                                                • Instruction ID: 07825609a1dc3ff600115c81653806931d9f030559d1f2d120bf1208f4282f80
                                                                                • Opcode Fuzzy Hash: a5c2ee24d008a5c49332f06201f638058d986396915df6ad1e9abec375d1d6da
                                                                                • Instruction Fuzzy Hash: A561AF30A0422A9FEF14EBA4DC5ABEEBBA9BF45300F144168E505EB2C1EB74DD44CB51
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                  • Part of subcall function 00572E40: _strncat.LIBCMT ref: 00572F4D
                                                                                • SHSetValueA.SHLWAPI(80000002,Software\ComMaster,mid,00000001,?,00000100,?,?,?,?,?,?,?,?,?), ref: 00573AAE
                                                                                • SHSetValueA.SHLWAPI(80000002,Software\ComMaster,mid_old,00000001,?,?,?,?,?,?,?,?,?,?,?), ref: 00573B18
                                                                                • SHSetValueA.SHLWAPI(80000002,Software\ComMaster,mid,00000001,?,?,?,?,?,?,?,?,?,?,?), ref: 00573B45
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2885107662.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_500000_SecuriteInfo.jbxd
                                                                                Similarity
                                                                                • API ID: Value$_strncat
                                                                                • String ID: 5'W$Software\ComMaster$mid$mid_old
                                                                                • API String ID: 1864955066-2134992889
                                                                                • Opcode ID: ea90cea9bcbca6f1c3f1e7d3c208257af7bec38f3637a188501d597801084a91
                                                                                • Instruction ID: 662e2ce84692641ebf664fa3dc29b8bf169e8ad0a96da8da605883a2684ccb74
                                                                                • Opcode Fuzzy Hash: ea90cea9bcbca6f1c3f1e7d3c208257af7bec38f3637a188501d597801084a91
                                                                                • Instruction Fuzzy Hash: 035136316001599ADF25CE24DC56FF6BFA9BB42310F5881E8E489E7181EF71AF48EB10
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • CreateCompatibleDC.GDI32(?), ref: 0051CEC7
                                                                                • CreateCompatibleBitmap.GDI32(?), ref: 0051CF17
                                                                                • SelectObject.GDI32(00000000,00000000), ref: 0051CF2B
                                                                                • SetViewportOrgEx.GDI32(?,?,?,00000000), ref: 0051CF49
                                                                                • BitBlt.GDI32(?,?,?,?,?,?,?,?,00CC0020), ref: 0051CF83
                                                                                • SelectObject.GDI32(?,00000000), ref: 0051CF91
                                                                                • DeleteObject.GDI32(?), ref: 0051CF9E
                                                                                • DeleteDC.GDI32(?), ref: 0051CFA9
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2885107662.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                                                Similarity
                                                                                • API ID: Object$CompatibleCreateDeleteSelect$BitmapViewport
                                                                                • String ID:
                                                                                • API String ID: 1352937626-0
                                                                                • Opcode ID: 7dd188f72d2430963c42a893ebeb8d08542d2c838f9e53e436261cb85605511d
                                                                                • Instruction ID: 983e43dcb79e98a029c5037d8e629894998b086bf0307d898d6ed42a2c8b2b1b
                                                                                • Opcode Fuzzy Hash: 7dd188f72d2430963c42a893ebeb8d08542d2c838f9e53e436261cb85605511d
                                                                                • Instruction Fuzzy Hash: E3313771D042289FDF218BA8CC05BEDFBB9FF5A200F14829AE909B7211DB716984DF50
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                  • Part of subcall function 0054A950: RtlEnterCriticalSection.NTDLL(005F7AA4), ref: 0054A98D
                                                                                  • Part of subcall function 0054A950: RtlLeaveCriticalSection.NTDLL(005F7AA4), ref: 0054AA1C
                                                                                • ___delayLoadHelper2@8.DELAYIMP ref: 0053F4F7
                                                                                  • Part of subcall function 00504BA0: std::locale::_Init.LIBCPMT ref: 00504C85
                                                                                  • Part of subcall function 005058C0: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00505931
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2885107662.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                                                Similarity
                                                                                • API ID: CriticalSection$EnterHelper2@8InitIos_base_dtorLeaveLoad___delaystd::ios_base::_std::locale::_
                                                                                • String ID: q_$[D]$`b)u$d:\jenkins\.jenkins\workspace\master_lu\inst_ui\inst_ui\tray_icon\tray_icon.cc$tray icon create
                                                                                • API String ID: 4269586288-1850394590
                                                                                • Opcode ID: 16e76a763781311502c1494a21fbc0c522405c16c647c9d84230376b573c2b42
                                                                                • Instruction ID: 847b58c000d0c5304846f4b83eb009bdfad2dc843ccd4655dffae2a97adb6abc
                                                                                • Opcode Fuzzy Hash: 16e76a763781311502c1494a21fbc0c522405c16c647c9d84230376b573c2b42
                                                                                • Instruction Fuzzy Hash: EE51C131A00209AFEF14DFA4CC89BAEBFB5FF45310F108529F505AB2C2D77999458BA1
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                  • Part of subcall function 0050B680: RtlEnterCriticalSection.NTDLL(005CC130), ref: 0050B6B1
                                                                                  • Part of subcall function 0050B680: RtlLeaveCriticalSection.NTDLL(005CC130), ref: 0050B6F3
                                                                                  • Part of subcall function 00530090: RtlEnterCriticalSection.NTDLL(005CD2A0), ref: 005300C1
                                                                                  • Part of subcall function 00530090: RtlLeaveCriticalSection.NTDLL(005CD2A0), ref: 00530103
                                                                                • LoadImageW.USER32(00500000,00000080,00000001,00000000,?,?,00000010,?), ref: 00530AFC
                                                                                • SendMessageW.USER32(?,00000080,00000001,00000000,?,?,?,00000010,?), ref: 00530B12
                                                                                Strings
                                                                                • ldsexist, xrefs: 005309C7
                                                                                • d:\jenkins\.jenkins\workspace\master_lu\inst_ui\inst_ui\mainwnd.cpp, xrefs: 00530A19
                                                                                • inf : skip to launch when closed, xrefs: 00530A7D
                                                                                • [I], xrefs: 00530A35
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2885107662.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                                                Similarity
                                                                                • API ID: CriticalSection$EnterLeave$ImageLoadMessageSend
                                                                                • String ID: [I]$d:\jenkins\.jenkins\workspace\master_lu\inst_ui\inst_ui\mainwnd.cpp$inf : skip to launch when closed$ldsexist
                                                                                • API String ID: 35129755-4230342510
                                                                                • Opcode ID: d248a68e9db15dfd1b2ea635c1961fb571ec8c8f833def8779c6595fdf9fca0f
                                                                                • Instruction ID: ae62757bb18e8a24105fa8f244b46423d7465bd154f41836513b825a8fec0d15
                                                                                • Opcode Fuzzy Hash: d248a68e9db15dfd1b2ea635c1961fb571ec8c8f833def8779c6595fdf9fca0f
                                                                                • Instruction Fuzzy Hash: 73518271A40309AFEB10EBA4CC5AFAE7FA8BF45710F100559F505AB2C2DBB46D44CB91
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                  • Part of subcall function 0054A950: RtlEnterCriticalSection.NTDLL(005F7AA4), ref: 0054A98D
                                                                                  • Part of subcall function 0054A950: RtlLeaveCriticalSection.NTDLL(005F7AA4), ref: 0054AA1C
                                                                                • PeekMessageW.USER32(?,00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000), ref: 00526BC0
                                                                                  • Part of subcall function 00504BA0: std::locale::_Init.LIBCPMT ref: 00504C85
                                                                                  • Part of subcall function 005058C0: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00505931
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2885107662.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                                                Similarity
                                                                                • API ID: CriticalSection$EnterInitIos_base_dtorLeaveMessagePeekstd::ios_base::_std::locale::_
                                                                                • String ID: (null)$Create Main Wnd and show$Silent mode$[I]$d:\jenkins\.jenkins\workspace\master_lu\inst_ui\inst_ui\inst.cpp
                                                                                • API String ID: 1959758059-852054067
                                                                                • Opcode ID: fa0e522e0e3e5f48a24989b2bf7b538d9f084e10b0d549d2898819ac15ffbd15
                                                                                • Instruction ID: 18557ea7288dc0f00c8c4ac326ebeac0b49fccce8b29e9c7a899f08a06a7122e
                                                                                • Opcode Fuzzy Hash: fa0e522e0e3e5f48a24989b2bf7b538d9f084e10b0d549d2898819ac15ffbd15
                                                                                • Instruction Fuzzy Hash: C5417430A44219AAEF25EBA4CC4AFEE7EB8BF45700F144168F615BB1C1DB749E05CB61
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • __RTC_Initialize.LIBCMT ref: 0060DB88
                                                                                • __mtterm.LIBCMT ref: 0060DBAB
                                                                                  • Part of subcall function 0060EF24: TlsFree.KERNEL32(00000004,0060DC12), ref: 0060EF4F
                                                                                • __setenvp.LIBCMT ref: 0060DBBB
                                                                                • __cinit.LIBCMT ref: 0060DBC6
                                                                                • __mtterm.LIBCMT ref: 0060DC0D
                                                                                • ___set_flsgetvalue.LIBCMT ref: 0060DC1E
                                                                                  • Part of subcall function 0060EEF0: TlsGetValue.KERNEL32(0060C99F,0060F05F,?,?,0060C99F,0060F65E,0060F8EE,?,?,0060C99F,?), ref: 0060EEF9
                                                                                  • Part of subcall function 0060EEF0: TlsSetValue.KERNEL32(00000000,?,0060C99F,0060F65E,0060F8EE,?,?,0060C99F,?), ref: 0060EF1A
                                                                                  • Part of subcall function 00611612: __calloc_impl.LIBCMT ref: 00611623
                                                                                  • Part of subcall function 0060E364: ___sbh_find_block.LIBCMT ref: 0060E38D
                                                                                  • Part of subcall function 0060E364: ___sbh_free_block.LIBCMT ref: 0060E39C
                                                                                  • Part of subcall function 0060E364: HeapFree.KERNEL32(00000000,0060C99F,0061BCD0,0000000C,006136AF,00000000,0061BFC0,0000000C,006136E9,0060C99F,?,?,006163EA,00000004,0061C080,0000000C), ref: 0060E3CC
                                                                                • __freeptd.LIBCMT ref: 0060DC7D
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2885557605.00000000005FA000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                                                Similarity
                                                                                • API ID: FreeValue__mtterm$HeapInitialize___sbh_find_block___sbh_free_block___set_flsgetvalue__calloc_impl__cinit__freeptd__setenvp
                                                                                • String ID:
                                                                                • API String ID: 3004107213-0
                                                                                • Opcode ID: 23875cd1e9f35161f4c62a58d4a602e7366e9085e4675593d7c585640d0c4444
                                                                                • Instruction ID: 2502c23258b6e44be9c0eff3d58615d871dfd28f245a2fcf952d6093b66ff74e
                                                                                • Opcode Fuzzy Hash: 23875cd1e9f35161f4c62a58d4a602e7366e9085e4675593d7c585640d0c4444
                                                                                • Instruction Fuzzy Hash: 282125B54C4A52A9E7BC3BF45C038EB329B9B627607241B1EF554C91C2EF61848381BE
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2885107662.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID: 89ea8f051a380057008b6ef2a79e972c41167c4d29e6$GenuineIntel,806f8,Intel(R) Core(TM)2 CPU 6600 @ 2.40 GHz$GenuineIotel
                                                                                • API String ID: 0-991298990
                                                                                • Opcode ID: 18a3e7b03524bc16e72ab6c192bd0b39d867e6fcaaaf2411d9886747d8f92464
                                                                                • Instruction ID: 7d841bddac124cdbbcded85d2e1bd55cd2e43ef54b4d55a415091358f192f9e4
                                                                                • Opcode Fuzzy Hash: 18a3e7b03524bc16e72ab6c192bd0b39d867e6fcaaaf2411d9886747d8f92464
                                                                                • Instruction Fuzzy Hash: 6912D67590160ADFDB20DF68CC4EBAEBBB8FF44314F1446A9E8059B291EB349D44CB90
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • RtlEnterCriticalSection.NTDLL(?), ref: 0054AA84
                                                                                • PathFileExistsW.SHLWAPI(00000000,.on,00000003,?,?,?,?,A0E3A5EF), ref: 0054AB68
                                                                                • RtlLeaveCriticalSection.NTDLL(?), ref: 0054AC1D
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2885107662.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_500000_SecuriteInfo.jbxd
                                                                                Similarity
                                                                                • API ID: CriticalSection$EnterExistsFileLeavePath
                                                                                • String ID: -------log start$.on
                                                                                • API String ID: 3310751803-463144427
                                                                                • Opcode ID: 143f9fe9536521076affaea79dca8e17e13a06a16286e3ecc59c36b6ca68d7a7
                                                                                • Instruction ID: c0798d35270dc4f4035a514c32cabc97203a697e22e3fecba8c0e186e0f98159
                                                                                • Opcode Fuzzy Hash: 143f9fe9536521076affaea79dca8e17e13a06a16286e3ecc59c36b6ca68d7a7
                                                                                • Instruction Fuzzy Hash: 4A61D37490020ADFDB04DFA8D989BEEBFB5FF48308F144128E905A7790D775AA44CBA1
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • Netbios.NETAPI32(00000037), ref: 0051EEA3
                                                                                • Netbios.NETAPI32(00000037), ref: 0051EEEB
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2885107662.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_500000_SecuriteInfo.jbxd
                                                                                Similarity
                                                                                • API ID: Netbios
                                                                                • String ID: %02X-%02X-%02X-%02X-%02X-%02X$3
                                                                                • API String ID: 544444789-3447491341
                                                                                • Opcode ID: a05c76abacc0cdcb1fa3cde55f102f161ef46af19765953213661b3d291b1131
                                                                                • Instruction ID: eaeea0d3d4d8c8a7bb4454af7999459ec91c92f1e01905e02322e15f909c48e3
                                                                                • Opcode Fuzzy Hash: a05c76abacc0cdcb1fa3cde55f102f161ef46af19765953213661b3d291b1131
                                                                                • Instruction Fuzzy Hash: 0441B3709141AD5BDF22EBA49C46BFDBBFC6F45304F0440D6A98CA7182C6B45F859F60
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • StrCmpW.SHLWAPI(005A6640,?), ref: 005167C8
                                                                                • StrCmpW.SHLWAPI(Tahoma,?), ref: 005167E9
                                                                                • StrCmpW.SHLWAPI(005A665C,?), ref: 0051680A
                                                                                • StrCmpW.SHLWAPI(005A6664,?), ref: 00516816
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2885107662.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_500000_SecuriteInfo.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID: Tahoma
                                                                                • API String ID: 0-3580928618
                                                                                • Opcode ID: d4b5cd27d781f0b1068f01a882c5071d383a138f8a8ce285b1cdcdeece048d1d
                                                                                • Instruction ID: e0e0164d4cf35ddd94e2d96d215c775258ab5761bedf4f7d45f5fb8db8616069
                                                                                • Opcode Fuzzy Hash: d4b5cd27d781f0b1068f01a882c5071d383a138f8a8ce285b1cdcdeece048d1d
                                                                                • Instruction Fuzzy Hash: 88014422A102137AB31077AB5C5AD9BAFE8BFD1770706C069F54C97193E751C881C6B6
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • PathFileExistsW.SHLWAPI(0051FD44,A0E3A5EF,A0E3A5EF,?,?), ref: 00540635
                                                                                • CertGetNameStringW.CRYPT32(?,00000004,00000000,00000000,?,00000200), ref: 0054088B
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2885107662.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_500000_SecuriteInfo.jbxd
                                                                                Similarity
                                                                                • API ID: CertExistsFileNamePathString
                                                                                • String ID: 0$ntdll.dll
                                                                                • API String ID: 1123245135-1737626548
                                                                                • Opcode ID: d729a6e3279b547aa0642c20b70e2f6114dc7f507c5406ffe64014bc6eb8412e
                                                                                • Instruction ID: 9b4b066b816925088d19055f19747e880ec19646ef2e84074b95dbcfb76c69c3
                                                                                • Opcode Fuzzy Hash: d729a6e3279b547aa0642c20b70e2f6114dc7f507c5406ffe64014bc6eb8412e
                                                                                • Instruction Fuzzy Hash: 66615FB09013189FEB60DF54CD89BDEBBB8FB44708F5041E9E608A7281D7759A84CF99
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • SHGetValueA.SHLWAPI(80000002,Software\ComMaster,mid,00000001,?,00000400), ref: 00572D27
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2885107662.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_500000_SecuriteInfo.jbxd
                                                                                Similarity
                                                                                • API ID: Value
                                                                                • String ID: $Software\ComMaster$mid
                                                                                • API String ID: 3702945584-2041042979
                                                                                • Opcode ID: 99aee60c89c554ffd2071fc75ec18bf65f3549138900bd89fde371ff5d3c6bb4
                                                                                • Instruction ID: 64bf4f812aced21fe6c1c10d8a27f44f4fe8f96705c979b0126f325332ee13b5
                                                                                • Opcode Fuzzy Hash: 99aee60c89c554ffd2071fc75ec18bf65f3549138900bd89fde371ff5d3c6bb4
                                                                                • Instruction Fuzzy Hash: 3D41D175A001099EDF25CE64DD40FEABBBDBB56304F0081E9EA09EB142EB319E499F50
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • CreateCompatibleDC.GDI32(00000000), ref: 0051D8AA
                                                                                • CreateCompatibleBitmap.GDI32(00000000), ref: 0051D8F3
                                                                                • SelectObject.GDI32(00000000,00000000), ref: 0051D8FE
                                                                                • SetViewportOrgEx.GDI32(00000000,?,?,00000000), ref: 0051D916
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2885107662.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_500000_SecuriteInfo.jbxd
                                                                                Similarity
                                                                                • API ID: CompatibleCreate$BitmapObjectSelectViewport
                                                                                • String ID:
                                                                                • API String ID: 1881423421-0
                                                                                • Opcode ID: 396af9949d68ac5cfa9c8c7cf80eb0a19a5a68243962cc6bd7cf56173161826e
                                                                                • Instruction ID: e2d1a0aa254c36a5253f133a469ec0772ba7ee264a79f7679e951528bb9ab1f7
                                                                                • Opcode Fuzzy Hash: 396af9949d68ac5cfa9c8c7cf80eb0a19a5a68243962cc6bd7cf56173161826e
                                                                                • Instruction Fuzzy Hash: B851DCB5D00209AFDB11DFA8C985AEEFBF9FF58304F10821AE915B6251E734A944CB60
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • PathFindFileNameW.SHLWAPI(?,?,?,00000400,?,?), ref: 00503B97
                                                                                • GetLastError.KERNEL32(?,00000000,00000001,?,?,?), ref: 00503BB4
                                                                                • RtlEnterCriticalSection.NTDLL(?), ref: 00503BE1
                                                                                • RtlLeaveCriticalSection.NTDLL(?), ref: 00503C08
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2885107662.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_500000_SecuriteInfo.jbxd
                                                                                Similarity
                                                                                • API ID: CriticalSection$EnterErrorFileFindLastLeaveNamePath
                                                                                • String ID:
                                                                                • API String ID: 2734386303-0
                                                                                • Opcode ID: c15f58e21ec8407b7b8c6b9e0dcb24a12c34d28686b992c9d94652281ff597fc
                                                                                • Instruction ID: 94725b6336fe3d7cd42029aa4d994656c840ff7cee2c512858ef74f05721093b
                                                                                • Opcode Fuzzy Hash: c15f58e21ec8407b7b8c6b9e0dcb24a12c34d28686b992c9d94652281ff597fc
                                                                                • Instruction Fuzzy Hash: 7521B271900218ABD750EF64DC85FAE7BACFF55714F008499F909EA181DA359D48DBE0
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • CreateCompatibleDC.GDI32(?), ref: 005301FE
                                                                                • CreateCompatibleBitmap.GDI32(?,?,?), ref: 00530217
                                                                                • SelectObject.GDI32(00000000,00000000), ref: 00530223
                                                                                • SetViewportOrgEx.GDI32(00000000,?,?,00000000), ref: 0053023C
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2885107662.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                                                Similarity
                                                                                • API ID: CompatibleCreate$BitmapObjectSelectViewport
                                                                                • String ID:
                                                                                • API String ID: 1881423421-0
                                                                                • Opcode ID: 8189af981f649aa096386b18f3322e563031cec758e5e677de72620c5847e6ce
                                                                                • Instruction ID: 5ece1c879bd5bcb5795a492ce0103bd7ee51d7c3c7e2f1a124a78be425e66d52
                                                                                • Opcode Fuzzy Hash: 8189af981f649aa096386b18f3322e563031cec758e5e677de72620c5847e6ce
                                                                                • Instruction Fuzzy Hash: 75214770900706DFE760CF64C849B6BBBF4FF08700F108908F996A66A0DB75A954DF80
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • RtlEnterCriticalSection.NTDLL ref: 00508102
                                                                                • RtlLeaveCriticalSection.NTDLL ref: 00508309
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2885107662.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                                                Similarity
                                                                                • API ID: CriticalSection$EnterLeave
                                                                                • String ID: ios_base::badbit set
                                                                                • API String ID: 3168844106-3882152299
                                                                                • Opcode ID: 0c48971ee9610a961f6023e7bb9391c67a4cad98cd129f52e82738a4eb942f62
                                                                                • Instruction ID: 2931b04f6c0095c831c7aa7311b49469eabccae347a1279eab8d2b7e583a5b04
                                                                                • Opcode Fuzzy Hash: 0c48971ee9610a961f6023e7bb9391c67a4cad98cd129f52e82738a4eb942f62
                                                                                • Instruction Fuzzy Hash: FB911BB49006499FDB10CF68C884B9DBBF4FF49314F148259E859DB386DB74A945CF90
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • RegQueryValueExW.KERNEL32(00000000,005B3718,00000000,?,?,00000064), ref: 0056F8F6
                                                                                • RegCloseKey.ADVAPI32(00000000,80000002,00000201,A0E3A5EF), ref: 0056FA28
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2885107662.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                                                Similarity
                                                                                • API ID: CloseQueryValue
                                                                                • String ID: d
                                                                                • API String ID: 3356406503-2564639436
                                                                                • Opcode ID: 50469243cad949b2f4f56889c7289ee25f13fc9ad06d26cbdf7a6f371e8f9ccf
                                                                                • Instruction ID: baac831e778adfe8246c71e5e590a6520ff45ab9cf47dda8b82bb7f3facfd4e3
                                                                                • Opcode Fuzzy Hash: 50469243cad949b2f4f56889c7289ee25f13fc9ad06d26cbdf7a6f371e8f9ccf
                                                                                • Instruction Fuzzy Hash: 85517371E006099BEB20DFA8DC89BAEBBB8FF44314F24416DE915E7281DB759A44CF50
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • EnumFontFamiliesW.GDI32(?,00000000,Function_000167B0), ref: 005169C1
                                                                                • CreateFontW.GDI32(000000F4,00000000,00000000,00000000,00000190,00000000,00000000,00000000,00000086,00000000,00000000,00000000,00000020,?), ref: 00516A48
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2885107662.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                                                Similarity
                                                                                • API ID: Font$CreateEnumFamilies
                                                                                • String ID: Tahoma
                                                                                • API String ID: 1353381497-3580928618
                                                                                • Opcode ID: 3c32495b46e7d23e108c96b4059806a91213904d91bbbdf2a637de1709bb9376
                                                                                • Instruction ID: e98e8bfd214c5cbd2717297b9b33aa049011e34ab24d63cdac807e5b09f4abae
                                                                                • Opcode Fuzzy Hash: 3c32495b46e7d23e108c96b4059806a91213904d91bbbdf2a637de1709bb9376
                                                                                • Instruction Fuzzy Hash: AD118E74280715AAF234AB15CC5BFF6BBA4FF01B21F10C419B6977A4E1CAB9B880C654
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • RegOpenKeyExW.KERNEL32(00000000,00000000,00000000,A0E3A5EF,00000000,?,005F85A8,?,00000000,?,0056F8BD,80000002,00000201,A0E3A5EF), ref: 0056F804
                                                                                • RegCloseKey.ADVAPI32(00000000,?,0056F8BD,80000002,00000201,A0E3A5EF), ref: 0056F817
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2885107662.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                                                Similarity
                                                                                • API ID: CloseOpen
                                                                                • String ID: Advapi32.dll
                                                                                • API String ID: 47109696-3915320344
                                                                                • Opcode ID: 897e89a40950ed5d0bdbb5a13256600e4135819afdabf861451400aac5d12066
                                                                                • Instruction ID: e302a8ae74d171020a03fcf01cb50335aa5d73ad0de849005258e880b2d284f0
                                                                                • Opcode Fuzzy Hash: 897e89a40950ed5d0bdbb5a13256600e4135819afdabf861451400aac5d12066
                                                                                • Instruction Fuzzy Hash: FF015A72A01209EBEB208F49EC44B6ABBE9FB98310F6480B9E904D7250D775A941DB60
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • RtlEnterCriticalSection.NTDLL(?), ref: 00512404
                                                                                • RtlLeaveCriticalSection.NTDLL(?), ref: 005124D1
                                                                                • RtlLeaveCriticalSection.NTDLL(?), ref: 00512521
                                                                                  • Part of subcall function 00545804: __CxxThrowException@8.LIBVCRUNTIME ref: 0054581B
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2885107662.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                                                Similarity
                                                                                • API ID: CriticalSection$Leave$EnterException@8Throw
                                                                                • String ID:
                                                                                • API String ID: 3403424909-0
                                                                                • Opcode ID: aba8e792e1237a2a068d5cc37759673a07e103088e952a4e68b797fa9d7e560d
                                                                                • Instruction ID: bc589fcb10399c6806613b8a5004710473d6414d3bc3826b22ff4f4f29eb90ae
                                                                                • Opcode Fuzzy Hash: aba8e792e1237a2a068d5cc37759673a07e103088e952a4e68b797fa9d7e560d
                                                                                • Instruction Fuzzy Hash: 6E517A70A006069FDB28CF64D494BAEBBB9FF48304F14455DE80A9BA91CB34ED94DB90
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • RtlEnterCriticalSection.NTDLL(?), ref: 0056D931
                                                                                • RtlLeaveCriticalSection.NTDLL(00000000), ref: 0056D98C
                                                                                • RtlLeaveCriticalSection.NTDLL(00000000), ref: 0056D9EC
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2885107662.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                                                Similarity
                                                                                • API ID: CriticalSection$Leave$Enter
                                                                                • String ID:
                                                                                • API String ID: 2978645861-0
                                                                                • Opcode ID: ba0addd142987b27c61fd214f5866c9410912318811d75848bdfb06609de1ca0
                                                                                • Instruction ID: 9e06a507aa02758eae0d594d6e7cbfd32bf979a488f057527d663d505602233a
                                                                                • Opcode Fuzzy Hash: ba0addd142987b27c61fd214f5866c9410912318811d75848bdfb06609de1ca0
                                                                                • Instruction Fuzzy Hash: 2031D436B00619ABDB14CF25D845BAABBF8FF55750F04852EED05C7680EB36E905CBA0
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • SetBkColor.GDI32(?,?), ref: 0051A625
                                                                                • ExtTextOutW.GDI32(?,00000000,00000000,00000002,?,00000000,00000000,00000000), ref: 0051A640
                                                                                • SetBkColor.GDI32(?,?), ref: 0051A64A
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2885107662.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_500000_SecuriteInfo.jbxd
                                                                                Similarity
                                                                                • API ID: Color$Text
                                                                                • String ID:
                                                                                • API String ID: 657580467-0
                                                                                • Opcode ID: 3f8c20e3ab0abe5520670283b9d673ac05d29de922831148a6435fb45b2ea950
                                                                                • Instruction ID: d168aa69380afd6c41ab155d0d39c5094ca3c17a59108a9dd7d1df4fdb0a7bbf
                                                                                • Opcode Fuzzy Hash: 3f8c20e3ab0abe5520670283b9d673ac05d29de922831148a6435fb45b2ea950
                                                                                • Instruction Fuzzy Hash: 0F216A72600705BFE7219A68CC89FBB7BACBB08B44F484418F6469A581D774F880DB65
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • GetProcAddress.KERNEL32(?,NtOpenFile), ref: 0055CCEB
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2885107662.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_500000_SecuriteInfo.jbxd
                                                                                Similarity
                                                                                • API ID: AddressProc
                                                                                • String ID: NtOpenFile
                                                                                • API String ID: 190572456-2712788001
                                                                                • Opcode ID: 1388fa4a7b4c5a2d3cfe9ecd95f4597595bb7fc35c489f114a24961b20599a09
                                                                                • Instruction ID: a3d3b99faf2d381a82458a88683b8a5697e3b11d3d0c7253093a7f29d11e79b5
                                                                                • Opcode Fuzzy Hash: 1388fa4a7b4c5a2d3cfe9ecd95f4597595bb7fc35c489f114a24961b20599a09
                                                                                • Instruction Fuzzy Hash: 92E0923974070A5A4E00AFB06C67A7E3F65BBA130630401BBEC0BD2181EE249D089250
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • ___delayLoadHelper2@8.DELAYIMP ref: 0054011B
                                                                                  • Part of subcall function 0053F99E: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0053FA11
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2885107662.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_500000_SecuriteInfo.jbxd
                                                                                Similarity
                                                                                • API ID: AccessDloadHelper2@8LoadReleaseSectionWrite___delay
                                                                                • String ID: lq_
                                                                                • API String ID: 3415581147-1937567620
                                                                                • Opcode ID: 7a9b6a80a4010b36794b62a85c9acea77df72fb456997f3af1c05159fe56cd08
                                                                                • Instruction ID: 65dc5fc26638173bdfc9290c343cccc8f0cf8f7e6a6a037980a2c88b8b8ae70b
                                                                                • Opcode Fuzzy Hash: 7a9b6a80a4010b36794b62a85c9acea77df72fb456997f3af1c05159fe56cd08
                                                                                • Instruction Fuzzy Hash: 59B0129A25C20BBD321863545D0FF3B0F4CF0C8B10331A42EB600C5180D4441C044131
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • ___delayLoadHelper2@8.DELAYIMP ref: 0054011B
                                                                                  • Part of subcall function 0053F99E: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0053FA11
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2885107662.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_500000_SecuriteInfo.jbxd
                                                                                Similarity
                                                                                • API ID: AccessDloadHelper2@8LoadReleaseSectionWrite___delay
                                                                                • String ID: hq_
                                                                                • API String ID: 3415581147-1953843032
                                                                                • Opcode ID: 132a8c682f1d068a371bb880e77f5945223871f12bc0a7a97906f4d89824add5
                                                                                • Instruction ID: 29e5d4be7f84352863f1c1b4c39f16f85e06af07a8f49dd55ef8942d28e162d1
                                                                                • Opcode Fuzzy Hash: 132a8c682f1d068a371bb880e77f5945223871f12bc0a7a97906f4d89824add5
                                                                                • Instruction Fuzzy Hash: E1B0129A25C30BBD33182350AD0FF3B0F0CF0C4B10331652EB200D40C194440C448031
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • ___delayLoadHelper2@8.DELAYIMP ref: 0054011B
                                                                                  • Part of subcall function 0053F99E: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0053FA11
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2885107662.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_500000_SecuriteInfo.jbxd
                                                                                Similarity
                                                                                • API ID: AccessDloadHelper2@8LoadReleaseSectionWrite___delay
                                                                                • String ID: \q_
                                                                                • API String ID: 3415581147-1461127700
                                                                                • Opcode ID: 68fb6ab18b48abf3d351acd18eb0b33e127ce56c8a446304da062a04ba82742c
                                                                                • Instruction ID: 0e4c5ecfee24010f2e5873d3dd4e58e7180becfd709e11894f68b323ab7fc0d0
                                                                                • Opcode Fuzzy Hash: 68fb6ab18b48abf3d351acd18eb0b33e127ce56c8a446304da062a04ba82742c
                                                                                • Instruction Fuzzy Hash: F7B0129725C10BBD321C67541D0FF3B0F4CF0C8B10331E42EB600C5180D4440C084131
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • ___delayLoadHelper2@8.DELAYIMP ref: 0054011B
                                                                                  • Part of subcall function 0053F99E: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0053FA11
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2885107662.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_500000_SecuriteInfo.jbxd
                                                                                Similarity
                                                                                • API ID: AccessDloadHelper2@8LoadReleaseSectionWrite___delay
                                                                                • String ID: dq_
                                                                                • API String ID: 3415581147-2104475196
                                                                                • Opcode ID: c3260f353878f117fb2c7bdb4c332dbfd43ef71fe0c3c389b67a6da524eae1d1
                                                                                • Instruction ID: a1e75ae513d63104b4fd9ee10da129d55633e56f9bcc2eee010e9e96e1e3e46c
                                                                                • Opcode Fuzzy Hash: c3260f353878f117fb2c7bdb4c332dbfd43ef71fe0c3c389b67a6da524eae1d1
                                                                                • Instruction Fuzzy Hash: 8BB0129A25C30BBD321863546E0FF3B0F4CF0C8B10331642EF600C5180D4440D054131
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • ___delayLoadHelper2@8.DELAYIMP ref: 0054011B
                                                                                  • Part of subcall function 0053F99E: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0053FA11
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2885107662.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_500000_SecuriteInfo.jbxd
                                                                                Similarity
                                                                                • API ID: AccessDloadHelper2@8LoadReleaseSectionWrite___delay
                                                                                • String ID: `q_
                                                                                • API String ID: 3415581147-2053510880
                                                                                • Opcode ID: 3a97775cc5a096b5df6547da1e296583d10081d55d80792d1083373538d6d3f8
                                                                                • Instruction ID: 2667cf91d08865816eecefb03e6ef23305d706bea23fbc8bf5444c634906275a
                                                                                • Opcode Fuzzy Hash: 3a97775cc5a096b5df6547da1e296583d10081d55d80792d1083373538d6d3f8
                                                                                • Instruction Fuzzy Hash: 22B0129A25C20FBD321863545D0FF3B0F4CF0C8B10331642EB200C5180D4440C044231
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • ___delayLoadHelper2@8.DELAYIMP ref: 0053F645
                                                                                  • Part of subcall function 0053F99E: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0053FA11
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2885107662.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_500000_SecuriteInfo.jbxd
                                                                                Similarity
                                                                                • API ID: AccessDloadHelper2@8LoadReleaseSectionWrite___delay
                                                                                • String ID: 8q_
                                                                                • API String ID: 3415581147-415853032
                                                                                • Opcode ID: 75364310e9e8ecbbf6d98f62a5f02727b881359dcf40fc3398e941b5ddf295bf
                                                                                • Instruction ID: 790c023bf1468a0fc2217d5b79bdec80d04040cc0feb26ff6b1de021e441b765
                                                                                • Opcode Fuzzy Hash: 75364310e9e8ecbbf6d98f62a5f02727b881359dcf40fc3398e941b5ddf295bf
                                                                                • Instruction Fuzzy Hash: 65B01292A9D20EFD338463841D0FF770F4CF0C4B10B30453FB100C1051D4440C492231
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • ___delayLoadHelper2@8.DELAYIMP ref: 0053F6A6
                                                                                  • Part of subcall function 0053F99E: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0053FA11
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2885107662.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_500000_SecuriteInfo.jbxd
                                                                                Similarity
                                                                                • API ID: AccessDloadHelper2@8LoadReleaseSectionWrite___delay
                                                                                • String ID: @olu Fju
                                                                                • API String ID: 3415581147-337500612
                                                                                • Opcode ID: 8fa41a2175973bb121a318a77e447ffc44b184c31bd24710f2526e0810706aa7
                                                                                • Instruction ID: d64dfc1a849ade63beb2c0a2891349b65d9517437fe9792b5928a87085aafc96
                                                                                • Opcode Fuzzy Hash: 8fa41a2175973bb121a318a77e447ffc44b184c31bd24710f2526e0810706aa7
                                                                                • Instruction Fuzzy Hash: 74B0128A69C20ABF330423401F0FE3B0F1DF0C0B20730453FF101D4040A8490C010135
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • ___delayLoadHelper2@8.DELAYIMP ref: 0054B7DF
                                                                                  • Part of subcall function 0053F99E: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0053FA11
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2885107662.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_500000_SecuriteInfo.jbxd
                                                                                Similarity
                                                                                • API ID: AccessDloadHelper2@8LoadReleaseSectionWrite___delay
                                                                                • String ID: r_
                                                                                • API String ID: 3415581147-567396579
                                                                                • Opcode ID: 1890bcbb606a1d3226767fa4b920af80f3fce6151be4f8f70e02a622396aaf6e
                                                                                • Instruction ID: 8fa03c97dc40b1c9c5ea243b7a33250717f30c34dc9babb064ec3866433b83a4
                                                                                • Opcode Fuzzy Hash: 1890bcbb606a1d3226767fa4b920af80f3fce6151be4f8f70e02a622396aaf6e
                                                                                • Instruction Fuzzy Hash: 32B012AB65C10ABD320423402D0EE370F4CF1C0B10B30442EB200E048095488C000231
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • ___delayLoadHelper2@8.DELAYIMP ref: 0054CB28
                                                                                  • Part of subcall function 0053F99E: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0053FA11
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2885107662.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_500000_SecuriteInfo.jbxd
                                                                                Similarity
                                                                                • API ID: AccessDloadHelper2@8LoadReleaseSectionWrite___delay
                                                                                • String ID: q_
                                                                                • API String ID: 3415581147-700551246
                                                                                • Opcode ID: ebf06845205933f2e7975267df000a462df8555c2184629b0193332acd5e785d
                                                                                • Instruction ID: c86a089434759fd03cf3b57596237a1102b22d1ae5811b4c12bf17bac5599871
                                                                                • Opcode Fuzzy Hash: ebf06845205933f2e7975267df000a462df8555c2184629b0193332acd5e785d
                                                                                • Instruction Fuzzy Hash: F3B012A226D107BD324862452E0FF370F4CF0C4F10330447FF502C5080D4441D054231
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • ___delayLoadHelper2@8.DELAYIMP ref: 0054CB28
                                                                                  • Part of subcall function 0053F99E: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0053FA11
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2885107662.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_500000_SecuriteInfo.jbxd
                                                                                Similarity
                                                                                • API ID: AccessDloadHelper2@8LoadReleaseSectionWrite___delay
                                                                                • String ID: q_
                                                                                • API String ID: 3415581147-700551246
                                                                                • Opcode ID: 2de693b48b34c93617d1fae2c4ed0534b4a0b26b8137838ed2378452b2829fdb
                                                                                • Instruction ID: 0ed10f943f0848d3cc8b76d9eb5e9caec3aafac28a7d5d9157518bf51dec8a01
                                                                                • Opcode Fuzzy Hash: 2de693b48b34c93617d1fae2c4ed0534b4a0b26b8137838ed2378452b2829fdb
                                                                                • Instruction Fuzzy Hash: 14B012A225D107BD324862452D0FF370F4CF0C4F50370453FF002C5080D4441C044231
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • ___delayLoadHelper2@8.DELAYIMP ref: 0054CB28
                                                                                  • Part of subcall function 0053F99E: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0053FA11
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2885107662.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_500000_SecuriteInfo.jbxd
                                                                                Similarity
                                                                                • API ID: AccessDloadHelper2@8LoadReleaseSectionWrite___delay
                                                                                • String ID: q_
                                                                                • API String ID: 3415581147-700551246
                                                                                • Opcode ID: a85829ad12ee1b9be56ffb57b49520d18aca895c50a2c174385e9d5675d7ec9f
                                                                                • Instruction ID: e2e8732cee6dfb371fc4a3edf6ae4c25d1b17651a4a9d2ce3bf365e7633eb437
                                                                                • Opcode Fuzzy Hash: a85829ad12ee1b9be56ffb57b49520d18aca895c50a2c174385e9d5675d7ec9f
                                                                                • Instruction Fuzzy Hash: 57B012A225D207BD338862452D0FF370F4CF0C4F10330553FF002C5080D4441C444231
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • PathFileExistsW.SHLWAPI(?,A0E3A5EF), ref: 0050FDA4
                                                                                  • Part of subcall function 00554080: _wcsrchr.LIBVCRUNTIME ref: 005540AB
                                                                                  • Part of subcall function 00554080: _wcsrchr.LIBVCRUNTIME ref: 005540CD
                                                                                • PathRemoveExtensionW.SHLWAPI(?), ref: 0050FE10
                                                                                  • Part of subcall function 00503560: __CxxThrowException@8.LIBVCRUNTIME ref: 00503577
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2885107662.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_500000_SecuriteInfo.jbxd
                                                                                Similarity
                                                                                • API ID: Path_wcsrchr$Exception@8ExistsExtensionFileRemoveThrow
                                                                                • String ID:
                                                                                • API String ID: 2270941719-0
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • RtlEnterCriticalSection.NTDLL(005F82AC), ref: 0055D3D0
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2885107662.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_500000_SecuriteInfo.jbxd
                                                                                Similarity
                                                                                • API ID: CriticalEnterSection
                                                                                • String ID:
                                                                                • API String ID: 1904992153-0
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • Shell_NotifyIconW.SHELL32(00000001,?), ref: 0053EF12
                                                                                • Shell_NotifyIconW.SHELL32(00000000,?), ref: 0053EF1C
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2885107662.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_500000_SecuriteInfo.jbxd
                                                                                Similarity
                                                                                • API ID: IconNotifyShell_
                                                                                • String ID:
                                                                                • API String ID: 1144537725-0
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • Shell_NotifyIconW.SHELL32(00000001,?), ref: 0053EF12
                                                                                • Shell_NotifyIconW.SHELL32(00000000,?), ref: 0053EF1C
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2885107662.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_500000_SecuriteInfo.jbxd
                                                                                Similarity
                                                                                • API ID: IconNotifyShell_
                                                                                • String ID:
                                                                                • API String ID: 1144537725-0
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • RtlEnterCriticalSection.NTDLL(005CC044), ref: 0050605C
                                                                                • RtlLeaveCriticalSection.NTDLL(005CC044), ref: 0050609C
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2885107662.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_500000_SecuriteInfo.jbxd
                                                                                Similarity
                                                                                • API ID: CriticalSection$EnterLeave
                                                                                • String ID:
                                                                                • API String ID: 3168844106-0
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • GetLastError.KERNEL32(00000000,00000000,?,00583FF6,00000000,00000000,00000000,00000000,?,00000010,00000010,?,005082D3,00000000,00000000), ref: 0058419F
                                                                                • __dosmaperr.LIBCMT ref: 005841A6
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2885107662.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_500000_SecuriteInfo.jbxd
                                                                                Similarity
                                                                                • API ID: ErrorLast__dosmaperr
                                                                                • String ID:
                                                                                • API String ID: 1659562826-0
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • _malloc.LIBCMT ref: 0060C99A
                                                                                  • Part of subcall function 0060F82F: __FF_MSGBANNER.LIBCMT ref: 0060F852
                                                                                  • Part of subcall function 0060F82F: __NMSG_WRITE.LIBCMT ref: 0060F859
                                                                                  • Part of subcall function 0060F82F: RtlAllocateHeap.NTDLL(00000000,0060C990), ref: 0060F8A6
                                                                                • std::bad_alloc::bad_alloc.LIBCMT ref: 0060C9BD
                                                                                  • Part of subcall function 0060C965: std::exception::exception.LIBCMT ref: 0060C971
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2885557605.00000000005FA000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_500000_SecuriteInfo.jbxd
                                                                                Similarity
                                                                                • API ID: AllocateHeap_mallocstd::bad_alloc::bad_allocstd::exception::exception
                                                                                • String ID:
                                                                                • API String ID: 3447465555-0
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • RtlEnterCriticalSection.NTDLL(005CC044), ref: 0051D3FD
                                                                                • RtlLeaveCriticalSection.NTDLL(005CC044), ref: 0051D419
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2885107662.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                                                • Associated: 00000000.00000002.2885060160.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.2885230138.00000000005A5000.00000002.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.2885301699.00000000005CC000.00000004.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.2885301699.00000000005D8000.00000004.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.2885301699.00000000005DB000.00000004.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.2885301699.00000000005DF000.00000004.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.2885301699.00000000005EA000.00000004.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.2885557605.00000000005FA000.00000020.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.2885628884.000000000061E000.00000004.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.2885661460.0000000000624000.00000020.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.2886659998.0000000000D1E000.00000002.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.2886659998.0000000000D60000.00000002.00000001.01000000.00000003.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_500000_SecuriteInfo.jbxd
                                                                                Similarity
                                                                                • API ID: CriticalSection$EnterLeave
                                                                                • String ID:
                                                                                • API String ID: 3168844106-0
                                                                                • Opcode ID: b051f5bd516c9dbb7917783da741e8845acb6b0b6656a2d503bcbcc7d8a344b8
                                                                                • Instruction ID: 5027ab9fcd6f7e75f146cdafec3d2d5e400740b21419e99d1327a7caddda05d3
                                                                                • Opcode Fuzzy Hash: b051f5bd516c9dbb7917783da741e8845acb6b0b6656a2d503bcbcc7d8a344b8
                                                                                • Instruction Fuzzy Hash: 9E01E575600248EF8B11DF59EC48EAA7FB5FB98350B058159FD099B221C236DC61EBA0
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • LoadImageW.USER32(?,00000080,00000001), ref: 00530B36
                                                                                • SendMessageW.USER32(?,00000080,00000000,00000000,?,00000080,00000001), ref: 00530B46
                                                                                  • Part of subcall function 00530000: RtlEnterCriticalSection.NTDLL(005CD2BC), ref: 00530031
                                                                                  • Part of subcall function 00530000: RtlLeaveCriticalSection.NTDLL(005CD2BC), ref: 00530073
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2885107662.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                                                Similarity
                                                                                • API ID: CriticalSection$EnterImageLeaveLoadMessageSend
                                                                                • String ID:
                                                                                • API String ID: 1765090567-0
                                                                                • Opcode ID: f7377976d17a71ec4fd94e9efa294630f5ba4b9fc981e108c2604d593a74e50c
                                                                                • Instruction ID: 0ae744beffd93e7c28c33b5eefe33ac72eb0964be0a3c979d4aa13999f59f4b4
                                                                                • Opcode Fuzzy Hash: f7377976d17a71ec4fd94e9efa294630f5ba4b9fc981e108c2604d593a74e50c
                                                                                • Instruction Fuzzy Hash: 0DF09A30640325ABDE1537B09D9BF2F2E52BFC6700F4084A0F540BF1E2DF65AC109A65
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • RtlEnterCriticalSection.NTDLL(005CC044), ref: 00505EDE
                                                                                • RtlLeaveCriticalSection.NTDLL(005CC044), ref: 00505EF7
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2885107662.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                                                Similarity
                                                                                • API ID: CriticalSection$EnterLeave
                                                                                • String ID:
                                                                                • API String ID: 3168844106-0
                                                                                • Opcode ID: c9df9f43a3c19ffa2db2d8f18b903dcf58fe8e62cd1acaaecc8926f0b71e5adc
                                                                                • Instruction ID: bffe0f2519ccd2ebdc3b229fe80b62dc2d6a599d3067a03e36ad814b6f251bcf
                                                                                • Opcode Fuzzy Hash: c9df9f43a3c19ffa2db2d8f18b903dcf58fe8e62cd1acaaecc8926f0b71e5adc
                                                                                • Instruction Fuzzy Hash: 74F04971740A00EFE214DBA8EC4EF2A3BA4F758710F108219FA08A6290D6656C09AB58
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • Shell_NotifyIconW.SHELL32(00000001,?), ref: 0053EF82
                                                                                • Shell_NotifyIconW.SHELL32(00000000,?), ref: 0053EF90
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2885107662.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                                                Similarity
                                                                                • API ID: IconNotifyShell_
                                                                                • String ID:
                                                                                • API String ID: 1144537725-0
                                                                                • Opcode ID: 6cf9c8977a6ee7d7551bdbb86147d93ff0f6acaceb2888ad07d080f8f2946c3f
                                                                                • Instruction ID: 140ddf224e1ac0071f4afa73a29f6aeefced5e4f652ca4f3f72ed957f93c7d08
                                                                                • Opcode Fuzzy Hash: 6cf9c8977a6ee7d7551bdbb86147d93ff0f6acaceb2888ad07d080f8f2946c3f
                                                                                • Instruction Fuzzy Hash: 88E0E5716043089FD7609FA5D909A53BBE8BB18350B418419F985C7A51E7B5F804DB90
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • RtlEnterCriticalSection.NTDLL(005F82AC), ref: 0055D3D0
                                                                                • RtlLeaveCriticalSection.NTDLL(005F82AC), ref: 0055D772
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2885107662.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                                                Similarity
                                                                                • API ID: CriticalSection$EnterLeave
                                                                                • String ID:
                                                                                • API String ID: 3168844106-0
                                                                                • Opcode ID: 69fade488a2daf5b0d33100d7b6e5c2c6e2b554c9a7e772abfbe24f4c0ff2bce
                                                                                • Instruction ID: 687bc6ef043110ea25c150e84529766c4bbe162a8e3f742925d724fab3c7119f
                                                                                • Opcode Fuzzy Hash: 69fade488a2daf5b0d33100d7b6e5c2c6e2b554c9a7e772abfbe24f4c0ff2bce
                                                                                • Instruction Fuzzy Hash: 3571AF76D002299BCF36DB64DC54B9EBBB8BF04741F0401EBE809A7245E674AB84CF60
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • InternetReadFile.WININET(?,?,0000A000,?), ref: 005345B9
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2885107662.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                                                Similarity
                                                                                • API ID: FileInternetRead
                                                                                • String ID:
                                                                                • API String ID: 778332206-0
                                                                                • Opcode ID: 3302acf4f4ca46003c1b9813f0d3ec3f7bbda4dcce8842e17182ec94a3911771
                                                                                • Instruction ID: 3b405c5cb454782a1b6bac022e327d9cf5e5c847c287a13ea002170509f55c63
                                                                                • Opcode Fuzzy Hash: 3302acf4f4ca46003c1b9813f0d3ec3f7bbda4dcce8842e17182ec94a3911771
                                                                                • Instruction Fuzzy Hash: CB61F871A101598BEF19CF74CC8979DBB76BF86304F208258E009B7296D774AAC5CF11
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • SHGetValueW.SHLWAPI(?,?,?,?,?,00000800), ref: 0051F2C3
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2885107662.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                                                Similarity
                                                                                • API ID: Value
                                                                                • String ID:
                                                                                • API String ID: 3702945584-0
                                                                                • Opcode ID: 03fae92b57d0e09e69ed54268aa2e49c12d3f0903cf40445a32cad025528a37a
                                                                                • Instruction ID: 588d55e334d9ee98d5a546bf8894925fbcf3bd5eea1575e6c8720b74bcb76b53
                                                                                • Opcode Fuzzy Hash: 03fae92b57d0e09e69ed54268aa2e49c12d3f0903cf40445a32cad025528a37a
                                                                                • Instruction Fuzzy Hash: 98416A719005199BEB10DF58CC49BDABBF9FF44310F0482A9E869D7291EB749E858FD0
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • PathFileExistsW.SHLWAPI(?), ref: 00533C4B
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2885107662.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                                                Similarity
                                                                                • API ID: ExistsFilePath
                                                                                • String ID:
                                                                                • API String ID: 1174141254-0
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • __CxxThrowException@8.LIBVCRUNTIME ref: 0054C965
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2885107662.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_500000_SecuriteInfo.jbxd
                                                                                Similarity
                                                                                • API ID: Exception@8Throw
                                                                                • String ID:
                                                                                • API String ID: 2005118841-0
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • RegQueryValueExW.KERNEL32(?,?,00000000,?,?,005710E4,00000000,?,?,005710E4,BusType,?,00000104), ref: 00571358
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2885107662.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_500000_SecuriteInfo.jbxd
                                                                                Similarity
                                                                                • API ID: QueryValue
                                                                                • String ID:
                                                                                • API String ID: 3660427363-0
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • SHSetValueW.SHLWAPI(?,00000004,?,00000001,00000013,?,?,?,0050BAB8,80000002,00000013,?,00000004,?,?), ref: 0052008E
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2885107662.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_500000_SecuriteInfo.jbxd
                                                                                Similarity
                                                                                • API ID: Value
                                                                                • String ID:
                                                                                • API String ID: 3702945584-0
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • ResumeThread.KERNEL32(00000000,?,?,00000000,00000000,?,00000000), ref: 0055D91C
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2885107662.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_500000_SecuriteInfo.jbxd
                                                                                Similarity
                                                                                • API ID: ResumeThread
                                                                                • String ID:
                                                                                • API String ID: 947044025-0
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • DloadObtainSection.DELAYIMP ref: 0053F8DE
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2885107662.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_500000_SecuriteInfo.jbxd
                                                                                Similarity
                                                                                • API ID: DloadObtainSection
                                                                                • String ID:
                                                                                • API String ID: 2375402173-0
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • ___delayLoadHelper2@8.DELAYIMP ref: 0054011B
                                                                                  • Part of subcall function 0053F99E: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0053FA11
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2885107662.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_500000_SecuriteInfo.jbxd
                                                                                Similarity
                                                                                • API ID: AccessDloadHelper2@8LoadReleaseSectionWrite___delay
                                                                                • String ID:
                                                                                • API String ID: 3415581147-0
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • ___delayLoadHelper2@8.DELAYIMP ref: 0054011B
                                                                                  • Part of subcall function 0053F99E: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0053FA11
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2885107662.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_500000_SecuriteInfo.jbxd
                                                                                Similarity
                                                                                • API ID: AccessDloadHelper2@8LoadReleaseSectionWrite___delay
                                                                                • String ID:
                                                                                • API String ID: 3415581147-0
                                                                                • Opcode ID: f148c2f2d29bb743d987564f6dbed4c2a2befa29cef1f9a83eadfbd5a9e91e81
                                                                                • Instruction ID: de862f2573abe0c98a8cc6a06f8a132e6ac54cee0c71a4a7d094190d428ba60f
                                                                                • Opcode Fuzzy Hash: f148c2f2d29bb743d987564f6dbed4c2a2befa29cef1f9a83eadfbd5a9e91e81
                                                                                • Instruction Fuzzy Hash: 5EB0129625C10BBD721863641D0FF3B0F6CF0C8B10331A43EB640C5080D4440C054131
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • ___delayLoadHelper2@8.DELAYIMP ref: 0054011B
                                                                                  • Part of subcall function 0053F99E: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0053FA11
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2885107662.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_500000_SecuriteInfo.jbxd
                                                                                Similarity
                                                                                • API ID: AccessDloadHelper2@8LoadReleaseSectionWrite___delay
                                                                                • String ID:
                                                                                • API String ID: 3415581147-0
                                                                                • Opcode ID: 4c3fd4f68ee385cd7da4d42b1389add0ade342f143071ea1eac93e859752ab8b
                                                                                • Instruction ID: a0b2267013a058ffc0dd66a24453c94710ce5cf98d948e2836055fc7509751f5
                                                                                • Opcode Fuzzy Hash: 4c3fd4f68ee385cd7da4d42b1389add0ade342f143071ea1eac93e859752ab8b
                                                                                • Instruction Fuzzy Hash: A1B0129625C10BBD321863541E0FF3B0F5CF0C8B10331643EF600C5080D4440C068131
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • ___delayLoadHelper2@8.DELAYIMP ref: 0054011B
                                                                                  • Part of subcall function 0053F99E: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0053FA11
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2885107662.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_500000_SecuriteInfo.jbxd
                                                                                Similarity
                                                                                • API ID: AccessDloadHelper2@8LoadReleaseSectionWrite___delay
                                                                                • String ID:
                                                                                • API String ID: 3415581147-0
                                                                                • Opcode ID: 682bcd0de36d838c062844b818f166f6d27a15a5a1dd596f223a635494d2d44f
                                                                                • Instruction ID: da176a1ab6217f01e0e7e07b6ad9b029a04e538976b64343d38033b3cd0c2370
                                                                                • Opcode Fuzzy Hash: 682bcd0de36d838c062844b818f166f6d27a15a5a1dd596f223a635494d2d44f
                                                                                • Instruction Fuzzy Hash: ECB0129625C10BBD321863541D0FF3B0F5CF0C8B10331643EB200C5080D4444C054131
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • ___delayLoadHelper2@8.DELAYIMP ref: 0054011B
                                                                                  • Part of subcall function 0053F99E: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0053FA11
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2885107662.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_500000_SecuriteInfo.jbxd
                                                                                Similarity
                                                                                • API ID: AccessDloadHelper2@8LoadReleaseSectionWrite___delay
                                                                                • String ID:
                                                                                • API String ID: 3415581147-0
                                                                                • Opcode ID: 2e42d9dad3feb54058ef2d7dab3964713c6be253bd77692a3f2510469ebf3f2c
                                                                                • Instruction ID: bbc7bf802fae6ab20b4ea3461021810f3d4e3fb95fbce04c62a5ca1e5c1d70b4
                                                                                • Opcode Fuzzy Hash: 2e42d9dad3feb54058ef2d7dab3964713c6be253bd77692a3f2510469ebf3f2c
                                                                                • Instruction Fuzzy Hash: 69B0129625D20BBD321863541D0FF7B0F4CF4C8B10331642EB200C5080E4440C044131
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • ___delayLoadHelper2@8.DELAYIMP ref: 0054011B
                                                                                  • Part of subcall function 0053F99E: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0053FA11
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2885107662.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_500000_SecuriteInfo.jbxd
                                                                                Similarity
                                                                                • API ID: AccessDloadHelper2@8LoadReleaseSectionWrite___delay
                                                                                • String ID:
                                                                                • API String ID: 3415581147-0
                                                                                • Opcode ID: 3007de1835e4cf666121ac66489d56f9ce4e48a08071884e0ae193290597693b
                                                                                • Instruction ID: b9f3ff1cbcbe0c24d657b8969753f6b8b5bfcbf325f992da198f9a973e215c58
                                                                                • Opcode Fuzzy Hash: 3007de1835e4cf666121ac66489d56f9ce4e48a08071884e0ae193290597693b
                                                                                • Instruction Fuzzy Hash: 0DB0129625C20BBD335863541D0FF3B0F5CF0C8B10331653EB200C5080D4440C454131
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • ___delayLoadHelper2@8.DELAYIMP ref: 0054011B
                                                                                  • Part of subcall function 0053F99E: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0053FA11
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2885107662.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_500000_SecuriteInfo.jbxd
                                                                                Similarity
                                                                                • API ID: AccessDloadHelper2@8LoadReleaseSectionWrite___delay
                                                                                • String ID:
                                                                                • API String ID: 3415581147-0
                                                                                • Opcode ID: 6c6e43a224b996a70ce575e0ec488ab3a4f18a11674d1fb828af5470cf6e026a
                                                                                • Instruction ID: 79dc6a7f0688adce1ce021f80de66123e69fa7a6d65d2a0acf53b7bca71e825e
                                                                                • Opcode Fuzzy Hash: 6c6e43a224b996a70ce575e0ec488ab3a4f18a11674d1fb828af5470cf6e026a
                                                                                • Instruction Fuzzy Hash: 8EB0129626C20BBD335863541D0FF3B0F4CF0C8B10331652EB200C5080D4440C444131
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • ___delayLoadHelper2@8.DELAYIMP ref: 005401B8
                                                                                  • Part of subcall function 0053F99E: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0053FA11
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2885107662.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_500000_SecuriteInfo.jbxd
                                                                                Similarity
                                                                                • API ID: AccessDloadHelper2@8LoadReleaseSectionWrite___delay
                                                                                • String ID:
                                                                                • API String ID: 3415581147-0
                                                                                • Opcode ID: 979b9c2dbcb84043740f6f175d6efc5dac19f236130fec63016f697fd1568920
                                                                                • Instruction ID: 5856905cce9e2392d482a0233c8998c2aeeeba2f145f7d051664c6b03c0257ab
                                                                                • Opcode Fuzzy Hash: 979b9c2dbcb84043740f6f175d6efc5dac19f236130fec63016f697fd1568920
                                                                                • Instruction Fuzzy Hash: 66B012B629C306BD320473402D0EF371F1CF4C0B10B30642EB600D0080DCC41D000136
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • ___delayLoadHelper2@8.DELAYIMP ref: 0053F5B2
                                                                                  • Part of subcall function 0053F99E: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0053FA11
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2885107662.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_500000_SecuriteInfo.jbxd
                                                                                Similarity
                                                                                • API ID: AccessDloadHelper2@8LoadReleaseSectionWrite___delay
                                                                                • String ID:
                                                                                • API String ID: 3415581147-0
                                                                                • Opcode ID: b0c071b1e59d17ce2d23bd17f5198afc52bfd875e4755e279b22e9b22bba1a4a
                                                                                • Instruction ID: 261dd9f66fa57c2720b9114ee6ab21271d4f0630fa3debeaa709b451f824332d
                                                                                • Opcode Fuzzy Hash: b0c071b1e59d17ce2d23bd17f5198afc52bfd875e4755e279b22e9b22bba1a4a
                                                                                • Instruction Fuzzy Hash: CBB0129265D106FD320463445F0EE371F4CF4C0B11B30947EF201D404098440E010132
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • ___delayLoadHelper2@8.DELAYIMP ref: 0054BA00
                                                                                  • Part of subcall function 0053F99E: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0053FA11
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2885107662.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_500000_SecuriteInfo.jbxd
                                                                                Similarity
                                                                                • API ID: AccessDloadHelper2@8LoadReleaseSectionWrite___delay
                                                                                • String ID:
                                                                                • API String ID: 3415581147-0
                                                                                • Opcode ID: bc714ed0668fa66c50c1bc40421dfaedee47976136ee0a827aef8cb7b46c6817
                                                                                • Instruction ID: fdad3614f9f4f99b55b6fc53f41e9d322ec6e0b5fc70281e2c39c2f3a1b5cdc6
                                                                                • Opcode Fuzzy Hash: bc714ed0668fa66c50c1bc40421dfaedee47976136ee0a827aef8cb7b46c6817
                                                                                • Instruction Fuzzy Hash: 04B012A739C207FD320423451F4EE371F0CF0C0B21330852EFA00D004098444E450031
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • ___delayLoadHelper2@8.DELAYIMP ref: 0054CB28
                                                                                  • Part of subcall function 0053F99E: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0053FA11
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2885107662.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_500000_SecuriteInfo.jbxd
                                                                                Similarity
                                                                                • API ID: AccessDloadHelper2@8LoadReleaseSectionWrite___delay
                                                                                • String ID:
                                                                                • API String ID: 3415581147-0
                                                                                • Opcode ID: 445b18da094b961367642e6dd17150ebd823def39bf8acbac7ce408be9aaaeaf
                                                                                • Instruction ID: d735d54514e255fea7c77d65bac8768d2117ccf0d25a619557a69fe39292995d
                                                                                • Opcode Fuzzy Hash: 445b18da094b961367642e6dd17150ebd823def39bf8acbac7ce408be9aaaeaf
                                                                                • Instruction Fuzzy Hash: C9B092A2259206BD22886285290FE760E48E0C4B10320452AF102C5080944408444231
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • ___delayLoadHelper2@8.DELAYIMP ref: 0054CB28
                                                                                  • Part of subcall function 0053F99E: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0053FA11
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2885107662.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_500000_SecuriteInfo.jbxd
                                                                                Similarity
                                                                                • API ID: AccessDloadHelper2@8LoadReleaseSectionWrite___delay
                                                                                • String ID:
                                                                                • API String ID: 3415581147-0
                                                                                • Opcode ID: d84f6e66ef2de50680033772e453448692c157e95e86f888ae2ef9ef1bc76d94
                                                                                • Instruction ID: faefb10d650f932f2c990aac1756f2b99e60e770ecb29304fc648a91906a5522
                                                                                • Opcode Fuzzy Hash: d84f6e66ef2de50680033772e453448692c157e95e86f888ae2ef9ef1bc76d94
                                                                                • Instruction Fuzzy Hash: 62B012A225D607BD324862453D0FF370F4CF0C4F10730443EF402C5080D4440C044331
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • ___delayLoadHelper2@8.DELAYIMP ref: 0054CB28
                                                                                  • Part of subcall function 0053F99E: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0053FA11
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2885107662.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_500000_SecuriteInfo.jbxd
                                                                                Similarity
                                                                                • API ID: AccessDloadHelper2@8LoadReleaseSectionWrite___delay
                                                                                • String ID:
                                                                                • API String ID: 3415581147-0
                                                                                • Opcode ID: 45b848b3dfd5c577a3ac983e7e5c87b4576e10a06c4b2732ab5ed38d3351a8fe
                                                                                • Instruction ID: 11fe7286d53afebd86de6ed3eaa9ce3bae39752bf68ea498d4bee619a7e2a55a
                                                                                • Opcode Fuzzy Hash: 45b848b3dfd5c577a3ac983e7e5c87b4576e10a06c4b2732ab5ed38d3351a8fe
                                                                                • Instruction Fuzzy Hash: AAB012A225D507FD324862452D0FF370F4CF0C4F10330883EF802C5080D8440C054331
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • ___delayLoadHelper2@8.DELAYIMP ref: 0054CB28
                                                                                  • Part of subcall function 0053F99E: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0053FA11
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2885107662.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_500000_SecuriteInfo.jbxd
                                                                                Similarity
                                                                                • API ID: AccessDloadHelper2@8LoadReleaseSectionWrite___delay
                                                                                • String ID:
                                                                                • API String ID: 3415581147-0
                                                                                • Opcode ID: 3b6d27f0ac02a0b3a2aa31a22fc9c10f2d907cf56863a88920239184eed79f6d
                                                                                • Instruction ID: fc54dff9581fa87a88a07d0b08a94513828f04c3e7de677d34dd40fc6a46af9a
                                                                                • Opcode Fuzzy Hash: 3b6d27f0ac02a0b3a2aa31a22fc9c10f2d907cf56863a88920239184eed79f6d
                                                                                • Instruction Fuzzy Hash: 4AB092A2259606BD22886245290FE370E48E0C4B10320452AB502C5180944408444231
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • ___delayLoadHelper2@8.DELAYIMP ref: 0054CB28
                                                                                  • Part of subcall function 0053F99E: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0053FA11
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2885107662.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_500000_SecuriteInfo.jbxd
                                                                                Similarity
                                                                                • API ID: AccessDloadHelper2@8LoadReleaseSectionWrite___delay
                                                                                • String ID:
                                                                                • API String ID: 3415581147-0
                                                                                • Opcode ID: 3b438dec922134a8e736818c9aba3e96afc80e14ecb526eec01275e44bc77750
                                                                                • Instruction ID: 3a390a18f670cbd1309709fea1cee42ce781bae6b6223ce46de9380fd4dc12c9
                                                                                • Opcode Fuzzy Hash: 3b438dec922134a8e736818c9aba3e96afc80e14ecb526eec01275e44bc77750
                                                                                • Instruction Fuzzy Hash: 7CB092A2259506BD220822412A0FE3B0E08E0C4B10320446AF80284080944459054231
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • ___delayLoadHelper2@8.DELAYIMP ref: 0054CB28
                                                                                  • Part of subcall function 0053F99E: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0053FA11
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2885107662.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_500000_SecuriteInfo.jbxd
                                                                                Similarity
                                                                                • API ID: AccessDloadHelper2@8LoadReleaseSectionWrite___delay
                                                                                • String ID:
                                                                                • API String ID: 3415581147-0
                                                                                • Opcode ID: 83544e3c0814840855455191d6eef93690f9a233633a4737675d7e1f4525cc68
                                                                                • Instruction ID: daf93142567d1ce05d7687078faff107ade31c64174d35e31246428a1314934b
                                                                                • Opcode Fuzzy Hash: 83544e3c0814840855455191d6eef93690f9a233633a4737675d7e1f4525cc68
                                                                                • Instruction Fuzzy Hash: 53B012A225D107BD324872852E0FF770F4CF0C4F14330447EF502C50C0D4440C054231
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • ___delayLoadHelper2@8.DELAYIMP ref: 0054011B
                                                                                  • Part of subcall function 0053F99E: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0053FA11
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2885107662.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_500000_SecuriteInfo.jbxd
                                                                                Similarity
                                                                                • API ID: AccessDloadHelper2@8LoadReleaseSectionWrite___delay
                                                                                • String ID:
                                                                                • API String ID: 3415581147-0
                                                                                • Opcode ID: 1758bcc206f798ce05fb3d85695be72df0d899012197d08a27d3220047e14200
                                                                                • Instruction ID: 3b78b79112f2c71cc1418b27fced34b635958dcfd46c9de8b81a5ac4721aed0c
                                                                                • Opcode Fuzzy Hash: 1758bcc206f798ce05fb3d85695be72df0d899012197d08a27d3220047e14200
                                                                                • Instruction Fuzzy Hash: B8A011AA2A8203BC322823A02E0FE3B0B0CE0C8B20332A82EB20288080A88008000030
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • ___delayLoadHelper2@8.DELAYIMP ref: 0054011B
                                                                                  • Part of subcall function 0053F99E: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0053FA11
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2885107662.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_500000_SecuriteInfo.jbxd
                                                                                Similarity
                                                                                • API ID: AccessDloadHelper2@8LoadReleaseSectionWrite___delay
                                                                                • String ID:
                                                                                • API String ID: 3415581147-0
                                                                                • Opcode ID: 41c08df245b9cbfc09886c382bc945b84c8971fd67343ee955b5bcfc85c0ad82
                                                                                • Instruction ID: 3b78b79112f2c71cc1418b27fced34b635958dcfd46c9de8b81a5ac4721aed0c
                                                                                • Opcode Fuzzy Hash: 41c08df245b9cbfc09886c382bc945b84c8971fd67343ee955b5bcfc85c0ad82
                                                                                • Instruction Fuzzy Hash: B8A011AA2A8203BC322823A02E0FE3B0B0CE0C8B20332A82EB20288080A88008000030
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • ___delayLoadHelper2@8.DELAYIMP ref: 0054CB28
                                                                                  • Part of subcall function 0053F99E: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0053FA11
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2885107662.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_500000_SecuriteInfo.jbxd
                                                                                Similarity
                                                                                • API ID: AccessDloadHelper2@8LoadReleaseSectionWrite___delay
                                                                                • String ID:
                                                                                • API String ID: 3415581147-0
                                                                                • Opcode ID: eba5402d737eeb2eb86635e134cf5b20fef2837a82203cc6ee39dcdb2288ba5f
                                                                                • Instruction ID: 37db009ed24747240b71020c94d394272946e9eebd4f588aecace5932bda0758
                                                                                • Opcode Fuzzy Hash: eba5402d737eeb2eb86635e134cf5b20fef2837a82203cc6ee39dcdb2288ba5f
                                                                                • Instruction Fuzzy Hash: 20A001A66AA603BD764862926E1FE7B0F1CE4C4F65775996EF40389081A88418455231
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • GetLastError.KERNEL32(?,00000000,00000001,?,00000000,00000000,?,00000001,00000000,?,00000000,00000000), ref: 00549F18
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2885107662.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_500000_SecuriteInfo.jbxd
                                                                                Similarity
                                                                                • API ID: ErrorLast
                                                                                • String ID:
                                                                                • API String ID: 1452528299-0
                                                                                • Opcode ID: 938768ba9744a044f54176bf68ffe70331da815cfc05b6cacce12ada181c8896
                                                                                • Instruction ID: a0c80e632a70cc657a915a01a458fc3fccffef3f2023d88fb764ce499e57272a
                                                                                • Opcode Fuzzy Hash: 938768ba9744a044f54176bf68ffe70331da815cfc05b6cacce12ada181c8896
                                                                                • Instruction Fuzzy Hash: E951D0705007469BDB24DF28C84ABABBBE9FF84314F144A6DE45AC76D1EB71E908CB50
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2885107662.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_500000_SecuriteInfo.jbxd
                                                                                Similarity
                                                                                • API ID: ErrorLast
                                                                                • String ID:
                                                                                • API String ID: 1452528299-0
                                                                                • Opcode ID: 5e1392a0a77d0a7f36789004d7665509497953f00c7516d1dad322b58b368719
                                                                                • Instruction ID: b632872eb4cfed7c0fef0de35d60dfa47bdac899d5958996fd8bfe9f23aa3b46
                                                                                • Opcode Fuzzy Hash: 5e1392a0a77d0a7f36789004d7665509497953f00c7516d1dad322b58b368719
                                                                                • Instruction Fuzzy Hash: F7114F31A002598BDB2CDF74D89A7EDBB72FB84311F1085AED51996281DB345A818E10
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • GetLastError.KERNEL32(005C8B00,00000010), ref: 00584009
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2885107662.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_500000_SecuriteInfo.jbxd
                                                                                Similarity
                                                                                • API ID: ErrorLast
                                                                                • String ID:
                                                                                • API String ID: 1452528299-0
                                                                                • Opcode ID: f07c69765f3a0a4d9821c99ceef885358c9223f51e9d78c704366f8bcce37e50
                                                                                • Instruction ID: 0b0e8be6adea9a5f1e7c3f2a5d78380553310f48cb6e2911acc489fd3dd3fe07
                                                                                • Opcode Fuzzy Hash: f07c69765f3a0a4d9821c99ceef885358c9223f51e9d78c704366f8bcce37e50
                                                                                • Instruction Fuzzy Hash: B4F08C71500206AFDF04BBB0C80EAAE3F64BF94350F140948F9056B292DB756840DBA1
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • GetLastError.KERNEL32(?,?,00000000,00000000,?,00596418,?,00000000,?,00000000,?,005966BC,?,00000007,?), ref: 0058DB6D
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2885107662.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_500000_SecuriteInfo.jbxd
                                                                                Similarity
                                                                                • API ID: ErrorLast
                                                                                • String ID:
                                                                                • API String ID: 1452528299-0
                                                                                • Opcode ID: af31af15696bed55fdd4ad59f6eb06294643c0cc809e04b3b0a7420099d12a25
                                                                                • Instruction ID: 3b3959173e45146299182ff0827e93d075d9d095ac8d82f081bc74e93ecd1ad8
                                                                                • Opcode Fuzzy Hash: af31af15696bed55fdd4ad59f6eb06294643c0cc809e04b3b0a7420099d12a25
                                                                                • Instruction Fuzzy Hash: 85E08C72000609ABDB203BF4AC0DFAA3FECBB503A1F114424FA0CD6091EE748484DB94
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • GetProcAddress.KERNEL32(00000000,FlsAlloc), ref: 00548E22
                                                                                • GetProcAddress.KERNEL32(00000000,FlsFree), ref: 00548E39
                                                                                • GetProcAddress.KERNEL32(00000000,FlsGetValue), ref: 00548E50
                                                                                • GetProcAddress.KERNEL32(00000000,FlsSetValue), ref: 00548E67
                                                                                • GetProcAddress.KERNEL32(00000000,InitializeCriticalSectionEx), ref: 00548E7E
                                                                                • GetProcAddress.KERNEL32(00000000,InitOnceExecuteOnce), ref: 00548E95
                                                                                • GetProcAddress.KERNEL32(00000000,CreateEventExW), ref: 00548EAC
                                                                                • GetProcAddress.KERNEL32(00000000,CreateSemaphoreW), ref: 00548EC3
                                                                                • GetProcAddress.KERNEL32(00000000,CreateSemaphoreExW), ref: 00548EDA
                                                                                • GetProcAddress.KERNEL32(00000000,CreateThreadpoolTimer), ref: 00548EF1
                                                                                • GetProcAddress.KERNEL32(00000000,SetThreadpoolTimer), ref: 00548F08
                                                                                • GetProcAddress.KERNEL32(00000000,WaitForThreadpoolTimerCallbacks), ref: 00548F1F
                                                                                • GetProcAddress.KERNEL32(00000000,CloseThreadpoolTimer), ref: 00548F36
                                                                                • GetProcAddress.KERNEL32(00000000,CreateThreadpoolWait), ref: 00548F4D
                                                                                • GetProcAddress.KERNEL32(00000000,SetThreadpoolWait), ref: 00548F64
                                                                                • GetProcAddress.KERNEL32(00000000,CloseThreadpoolWait), ref: 00548F7B
                                                                                • GetProcAddress.KERNEL32(00000000,FlushProcessWriteBuffers), ref: 00548F92
                                                                                • GetProcAddress.KERNEL32(00000000,FreeLibraryWhenCallbackReturns), ref: 00548FA9
                                                                                • GetProcAddress.KERNEL32(00000000,GetCurrentProcessorNumber), ref: 00548FC0
                                                                                • GetProcAddress.KERNEL32(00000000,CreateSymbolicLinkW), ref: 00548FD7
                                                                                • GetProcAddress.KERNEL32(00000000,GetCurrentPackageId), ref: 00548FEE
                                                                                • GetProcAddress.KERNEL32(00000000,GetTickCount64), ref: 00549005
                                                                                • GetProcAddress.KERNEL32(00000000,GetFileInformationByHandleEx), ref: 0054901C
                                                                                • GetProcAddress.KERNEL32(00000000,SetFileInformationByHandle), ref: 00549033
                                                                                • GetProcAddress.KERNEL32(00000000,GetSystemTimePreciseAsFileTime), ref: 0054904A
                                                                                • GetProcAddress.KERNEL32(00000000,InitializeConditionVariable), ref: 00549061
                                                                                • GetProcAddress.KERNEL32(00000000,WakeConditionVariable), ref: 00549078
                                                                                • GetProcAddress.KERNEL32(00000000,WakeAllConditionVariable), ref: 0054908F
                                                                                • GetProcAddress.KERNEL32(00000000,SleepConditionVariableCS), ref: 005490A6
                                                                                • GetProcAddress.KERNEL32(00000000,InitializeSRWLock), ref: 005490BD
                                                                                • GetProcAddress.KERNEL32(00000000,AcquireSRWLockExclusive), ref: 005490D4
                                                                                • GetProcAddress.KERNEL32(00000000,TryAcquireSRWLockExclusive), ref: 005490EB
                                                                                • GetProcAddress.KERNEL32(00000000,ReleaseSRWLockExclusive), ref: 00549102
                                                                                • GetProcAddress.KERNEL32(00000000,SleepConditionVariableSRW), ref: 00549119
                                                                                • GetProcAddress.KERNEL32(00000000,CreateThreadpoolWork), ref: 00549130
                                                                                • GetProcAddress.KERNEL32(00000000,SubmitThreadpoolWork), ref: 00549147
                                                                                • GetProcAddress.KERNEL32(00000000,CloseThreadpoolWork), ref: 0054915E
                                                                                • GetProcAddress.KERNEL32(00000000,CompareStringEx), ref: 00549175
                                                                                • GetProcAddress.KERNEL32(00000000,GetLocaleInfoEx), ref: 0054918C
                                                                                • GetProcAddress.KERNEL32(00000000,LCMapStringEx), ref: 005491A3
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2885107662.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_500000_SecuriteInfo.jbxd
                                                                                Similarity
                                                                                • API ID: AddressProc
                                                                                • String ID: AcquireSRWLockExclusive$CloseThreadpoolTimer$CloseThreadpoolWait$CloseThreadpoolWork$CompareStringEx$CreateEventExW$CreateSemaphoreExW$CreateSemaphoreW$CreateSymbolicLinkW$CreateThreadpoolTimer$CreateThreadpoolWait$CreateThreadpoolWork$FlsAlloc$FlsFree$FlsGetValue$FlsSetValue$FlushProcessWriteBuffers$FreeLibraryWhenCallbackReturns$GetCurrentPackageId$GetCurrentProcessorNumber$GetFileInformationByHandleEx$GetLocaleInfoEx$GetSystemTimePreciseAsFileTime$GetTickCount64$InitOnceExecuteOnce$InitializeConditionVariable$InitializeCriticalSectionEx$InitializeSRWLock$LCMapStringEx$ReleaseSRWLockExclusive$SetFileInformationByHandle$SetThreadpoolTimer$SetThreadpoolWait$SleepConditionVariableCS$SleepConditionVariableSRW$SubmitThreadpoolWork$TryAcquireSRWLockExclusive$WaitForThreadpoolTimerCallbacks$WakeAllConditionVariable$WakeConditionVariable$kernel32.dll
                                                                                • API String ID: 190572456-295688737
                                                                                • Opcode ID: 5ec278103d8df7f8f2b62ab99d003e433f8c5592b29f1df3d8514a91523ea613
                                                                                • Instruction ID: 624736ca84935c67d98e8ddc8f974bd0fd607a7aaafd43179b01adc31185ff8a
                                                                                • Opcode Fuzzy Hash: 5ec278103d8df7f8f2b62ab99d003e433f8c5592b29f1df3d8514a91523ea613
                                                                                • Instruction Fuzzy Hash: 41910C70955A05AFDB049F74FE9DD5A3FF8BB2E3053810919A205D6132EBF4A009EFA4
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2885107662.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_500000_SecuriteInfo.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID: !((Operand)->Flags & OP_FAR)$!(Operand->Flags & 0x7F)$!X86Instruction->HasDstAddressing$!X86Instruction->HasSrcAddressing$%I64d$%I64u$%ld$%lu$%s %s:[$%s 0x%02X:[$%s:[%s]$(Operand)->Flags & OP_FAR$(Operand)->Length <= 8$(Operand)->TargetAddress$(Operand->Flags & OP_EXEC) && (Instruction->Groups & ITYPE_EXEC)$+0x%02I64X$+0x%02X$+0x%02lX$-0x%02I64X$-0x%02X$-0x%02lX$0x%02I64X=$0x%02X=$0x%02lX=$0x%04I64X$0x%04X$0x%04lX$<0>$<0xFF>$<1>$Index > 0 && Index < MAX_OPTYPE_INDEX && OptypeHandlers[Index]$Instruction->OpcodeBytes[0] == X86_BOUND$Instruction->OperandCount == 1$Instruction->Type == ITYPE_MOV$Operand->Flags & (OP_EXEC|OP_SRC|OP_DST)$Operand->Length$Operand->Length == 1$OperandIndex < 2$OperandIndex == 1$X86Instruction->HasModRM$X86Instruction->OperandSize >= Operand->Length$X86Instruction->Segment < SEG_MAX$X86Instruction->Segment == SEG_DS || X86Instruction->HasSegmentOverridePrefix$X86_Registers[Operand->Register]$[0x%08I64X] ANOMALY: Both conditions of branch go to same address$[0x%08I64X] ANOMALY: Segment override used when segment is explicit$[0x%08I64X] ANOMALY: Undocumented loadall instruction?$[0x%08I64X] ANOMALY: Unexpected address size prefix$[0x%08I64X] ANOMALY: Unexpected operand size prefix$[0x%08I64X] ANOMALY: Unexpected segment override$[0x%08I64X] ANOMALY: segment override used with AMODE_Y$[0x%08I64X] ANOMALY: unexpected segment 0x%02X$[0x%08I64X] ERROR: AMODE_P illegal in 16-bit mode ("%s")$[0x%08I64X] ERROR: AMODE_PR illegal in 16-bit mode ("%s")$[0x%08I64X] ERROR: AMODE_VR illegal in 16-bit mode ("%s")$[0x%08I64X] ERROR: invalid mmx register %d for AMODE_P ("%s")$[0x%08I64X] ERROR: invalid mmx register %d for AMODE_PR ("%s")$[0x%08I64X] ERROR: mod != 3 for AMODE_PR ("%s")$[0x%08I64X] ERROR: mod != 3 for AMODE_R ("%s")$[0x%08I64X] ERROR: mod != 3 for AMODE_VR ("%s")$[0x%08I64X] ERROR: mod = 3 for AMODE_E with OPTYPE_p ("%s")$[0x%08I64X] ERROR: mod = 3 for 
AMODE_M ("%s")$[eip+ilen$[ip+ilen$[rip+ilen$]=0x%04I64X$]=0x%04X$]=0x%04lX$d:\build\lib_common\dll_anti_hijack\dll_anti_hijack\mhook\disasm-lib\disasm_x86.c$seg_%02X
                                                                                • API String ID: 0-4092827569
                                                                                • Opcode ID: 87e991b316559a90529b6c15b739524083269909b4c997da309544cb3165d1e7
                                                                                • Instruction ID: fc7490b7758238639b607f304624aba95391aaa558a12da9f7290f2dd0c1f2dc
                                                                                • Opcode Fuzzy Hash: 87e991b316559a90529b6c15b739524083269909b4c997da309544cb3165d1e7
                                                                                • Instruction Fuzzy Hash: F48349315087814EE7268B74C866BF77FE5BF62314F0848ACD8EA5B2C3C674A685C761
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • RtlEnterCriticalSection.NTDLL(005CD450), ref: 0054140C
                                                                                • RtlLeaveCriticalSection.NTDLL(005CD450), ref: 00541461
                                                                                • URLDownloadToCacheFileW.URLMON(00000000,?,?,00000104,00000000,00000000), ref: 0054156A
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2885107662.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_500000_SecuriteInfo.jbxd
                                                                                Similarity
                                                                                • API ID: CriticalSection$CacheDownloadEnterFileLeave
                                                                                • String ID: CSList$CSList$CSVer$CSVer$CheckFailCnt$SOFTWARE\ComMaster$update_sign_url
                                                                                • API String ID: 162770459-140100914
                                                                                • Opcode ID: 04d18bc1d174ef1c2c1318914f8bc94f0a1d6c51b4e89c92f7621d88186e9c79
                                                                                • Instruction ID: 6ad8fcb81d2bbf75a285e7956505db54dc02da0a8402adbe655edc6f28c4cded
                                                                                • Opcode Fuzzy Hash: 04d18bc1d174ef1c2c1318914f8bc94f0a1d6c51b4e89c92f7621d88186e9c79
                                                                                • Instruction Fuzzy Hash: AF5217709002599BDB14DBA8CC49BEDBFB5BF85318F108298F805AB2D2DB749E84CF51
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2885107662.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_500000_SecuriteInfo.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID: !ImmediateSize$!X86Instruction->HasDstAddressing$!X86Instruction->HasSelector$!X86Instruction->HasSrcAddressing$OperandIndex < 2$[0x%08I64X] ANOMALY: Unexpected segment override$[0x%08I64X] ANOMALY: unexpected segment 0x%02X$d:\build\lib_common\dll_anti_hijack\dll_anti_hijack\mhook\disasm-lib\disasm_x86.c
                                                                                • API String ID: 0-4212405855
                                                                                • Opcode ID: a64b33f5e2674e92348a74f8885baab2adbe2f5bd62735d9d638cd0a9f21650b
                                                                                • Instruction ID: 9141f7469c7a67d67197a3af4f58153343226e8a48ba2b3abba1160fd8dea949
                                                                                • Opcode Fuzzy Hash: a64b33f5e2674e92348a74f8885baab2adbe2f5bd62735d9d638cd0a9f21650b
                                                                                • Instruction Fuzzy Hash: 142275315097859FE722CF38C8567EABFE1FB52314F08492DE4EA4B282D371A654CB90
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2885107662.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_500000_SecuriteInfo.jbxd
                                                                                Similarity
                                                                                • API ID: __floor_pentium4
                                                                                • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
                                                                                • API String ID: 4168288129-2761157908
                                                                                • Opcode ID: 0b4166af618945fd24e228f672566c7cb02a61a88fe29287e060577e4328c746
                                                                                • Instruction ID: e4f17483bdb0f07a53f87e649674156d66d28eabc433709bfe4ad696dfc0e732
                                                                                • Opcode Fuzzy Hash: 0b4166af618945fd24e228f672566c7cb02a61a88fe29287e060577e4328c746
                                                                                • Instruction Fuzzy Hash: 19C23971E086298BDF25CE289D447EABBB9FB84304F1545EED80DE7241E775AE818F40
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • GetProcAddress.KERNEL32(?,InitCommonControlsEx), ref: 0055C65E
                                                                                • PathAppendW.SHLWAPI(?,comctl32.dll,?,?,00000103), ref: 0055C6BD
                                                                                • GetProcAddress.KERNEL32(00000000,InitCommonControlsEx), ref: 0055C6DA
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2885107662.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                                                • Associated: 00000000.00000002.2885060160.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.2885230138.00000000005A5000.00000002.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.2885301699.00000000005CC000.00000004.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.2885301699.00000000005D8000.00000004.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.2885301699.00000000005DB000.00000004.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.2885301699.00000000005DF000.00000004.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.2885301699.00000000005EA000.00000004.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.2885557605.00000000005FA000.00000020.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.2885628884.000000000061E000.00000004.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.2885661460.0000000000624000.00000020.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.2886659998.0000000000D1E000.00000002.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.2886659998.0000000000D60000.00000002.00000001.01000000.00000003.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_500000_SecuriteInfo.jbxd
                                                                                Similarity
                                                                                • API ID: AddressProc$AppendPath
                                                                                • String ID: InitCommonControlsEx$comctl32.dll
                                                                                • API String ID: 1313135186-802336580
                                                                                • Opcode ID: 0ada95b72a4b293f20a7758a4e6069783009ce91f91e1950314905dc27a92691
                                                                                • Instruction ID: 65cf3945f0a6d43e5aa006e39e1803be05f89e16b0fd051bd5f6419631689c77
                                                                                • Opcode Fuzzy Hash: 0ada95b72a4b293f20a7758a4e6069783009ce91f91e1950314905dc27a92691
                                                                                • Instruction Fuzzy Hash: 081156F054061D5ADB60DB60DC99BDE7BACBB54305F0080A9AA09E2081DB749B8D8FA9
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2885107662.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_500000_SecuriteInfo.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID: !X86Instruction->HasDstAddressing$!X86Instruction->HasSelector$!X86Instruction->HasSrcAddressing$[0x%08I64X] ANOMALY: unexpected segment 0x%02X$d:\build\lib_common\dll_anti_hijack\dll_anti_hijack\mhook\disasm-lib\disasm_x86.c
                                                                                • API String ID: 0-1442041601
                                                                                • Opcode ID: 7dcda3c5cd63d740fc473fb36eeab0a033c12e69149dae932f16e1db4c9a6f95
                                                                                • Instruction ID: add046a3d4e104a05c80824b7b267b2492fc81edd0d1a685c8afee0f20959b99
                                                                                • Opcode Fuzzy Hash: 7dcda3c5cd63d740fc473fb36eeab0a033c12e69149dae932f16e1db4c9a6f95
                                                                                • Instruction Fuzzy Hash: 7DF12871A05B899FE7228F38C4563D6BFF0BB12314F044C69D4EA4B283D3B5A655C7A1
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2885107662.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_500000_SecuriteInfo.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID: $%02x$%02x%02x$0000000000000000000000000000000000000000
                                                                                • API String ID: 0-720040708
                                                                                • Opcode ID: 6e3b99f2ffa26360f55bcd9f08d93eca2ae1f6d4f82aac3e648c0d443ac55799
                                                                                • Instruction ID: 0c423bb8eacedd09e717835bbfdb3c593097acf927ed32e6301f30577278b86d
                                                                                • Opcode Fuzzy Hash: 6e3b99f2ffa26360f55bcd9f08d93eca2ae1f6d4f82aac3e648c0d443ac55799
                                                                                • Instruction Fuzzy Hash: A6123A75A002199FDB24DF28D858B9EBBF5FF88310F1485A9E459EB251DB30AE84CF50
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • CommandLineToArgvW.SHELL32(?,?,00000000,?,?,A0E3A5EF,?,?,?), ref: 0052AFFE
                                                                                  • Part of subcall function 00503560: __CxxThrowException@8.LIBVCRUNTIME ref: 00503577
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2885107662.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_500000_SecuriteInfo.jbxd
                                                                                Similarity
                                                                                • API ID: ArgvCommandException@8LineThrow
                                                                                • String ID: --PID
                                                                                • API String ID: 1265176686-2442998846
                                                                                • Opcode ID: 82e4faff6c68fbc3f2810efbde3dfb85c17abd40cf84e4e18ae825e6e5643918
                                                                                • Instruction ID: 006caa1c127d0108d6d1fd5bb9b1e4e355ba734a624d28017e761d9462c60413
                                                                                • Opcode Fuzzy Hash: 82e4faff6c68fbc3f2810efbde3dfb85c17abd40cf84e4e18ae825e6e5643918
                                                                                • Instruction Fuzzy Hash: CCB2D570A002169FEB14DF68D899BAEBBB5FF85310F1446ADE4159B2D1EB30AE44CF50
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • GetDiskFreeSpaceExW.KERNEL32(?,00000000,00000000,?), ref: 0052CA19
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2885107662.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_500000_SecuriteInfo.jbxd
                                                                                Similarity
                                                                                • API ID: DiskFreeSpace
                                                                                • String ID: c:\
                                                                                • API String ID: 1705453755-4070862797
                                                                                • Opcode ID: 7e0b7165d4093d5afe15a986fb5abf8a540b2a7d06fb2fe95d442ac3ba071061
                                                                                • Instruction ID: cefff6db30b019c1cdd57e4827016f19e41c34f94b1da3b69827aefd111b1ce6
                                                                                • Opcode Fuzzy Hash: 7e0b7165d4093d5afe15a986fb5abf8a540b2a7d06fb2fe95d442ac3ba071061
                                                                                • Instruction Fuzzy Hash: CE219735E0022D8ACF20DF54DC55BBDBBB4FF4A700F0041A5E845A7591E7309A80CF95
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Strings
                                                                                • Missing ',' or ']' in array declaration, xrefs: 0055A9FD
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2885107662.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_500000_SecuriteInfo.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID: Missing ',' or ']' in array declaration
                                                                                • API String ID: 0-1780669529
                                                                                • Opcode ID: bdb2841dd8ae5a67b9fac8cbf4da48be589285e89d0f28b388fae584a1e30c22
                                                                                • Instruction ID: 9372efc492523c8e672b9804bd52d8aec0c6064b092914fab465eb3f1f334a6a
                                                                                • Opcode Fuzzy Hash: bdb2841dd8ae5a67b9fac8cbf4da48be589285e89d0f28b388fae584a1e30c22
                                                                                • Instruction Fuzzy Hash: DFA1A530A006058FDB29DF68C4A5BAEBBF2FF85311F14461EE9569B291DB34EC49CB41
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2885107662.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_500000_SecuriteInfo.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID: 0
                                                                                • API String ID: 0-4108050209
                                                                                • Opcode ID: 80cf2ba7a9fb9db31c49d4e9a09634ba88c9ca560b0aa62c581540893b4189be
                                                                                • Instruction ID: c4a3a947305ec1712bc73805804932eec04001adca766e6dbc2f3f6a3cf048a9
                                                                                • Opcode Fuzzy Hash: 80cf2ba7a9fb9db31c49d4e9a09634ba88c9ca560b0aa62c581540893b4189be
                                                                                • Instruction Fuzzy Hash: 395169716006459BEF344A28755A7FF2F89BBC1300F18C91AEA8EC7282D214DD52F353
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2885107662.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_500000_SecuriteInfo.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID: @HW
                                                                                • API String ID: 0-1114920328
                                                                                • Opcode ID: 73c44cf46c84b61787ca45e0b81bb5067ffc9b01adf21d44f45e136b37860062
                                                                                • Instruction ID: fef41fce5a3f2af3cbd8c62ba8d37d2f22f98a3bf49c01c53de4cef5eb14528f
                                                                                • Opcode Fuzzy Hash: 73c44cf46c84b61787ca45e0b81bb5067ffc9b01adf21d44f45e136b37860062
                                                                                • Instruction Fuzzy Hash: 414121612192C29FC71E8E6D48806AAFF647F66100B4886DEECC4EF787C514D6A5C7F2
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2885107662.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_500000_SecuriteInfo.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID: @mZ
                                                                                • API String ID: 0-3560372690
                                                                                • Opcode ID: b7b37c46f8f252b409b9e2bebecec283c16b92ca70d44d7cac7c21cc6517a0cc
                                                                                • Instruction ID: 7aa7f9cef702171d14c2679746733c562246e500cf5c214650a65aedeab21969
                                                                                • Opcode Fuzzy Hash: b7b37c46f8f252b409b9e2bebecec283c16b92ca70d44d7cac7c21cc6517a0cc
                                                                                • Instruction Fuzzy Hash: A021F2B06017059FDB14CF59D59478ABFF4FB09724F1042AAD8589B785D3BAA908CBD0
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2885107662.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_500000_SecuriteInfo.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 69fd362d48b57b790d34b910202170b7ee6657a57e2e4f7b2afdf729730409e9
                                                                                • Instruction ID: cec5ab93e87a945f0902d3e5e25ca2a80b43f710c6ca54c45a3520a5cc7f307b
                                                                                • Opcode Fuzzy Hash: 69fd362d48b57b790d34b910202170b7ee6657a57e2e4f7b2afdf729730409e9
                                                                                • Instruction Fuzzy Hash: 6E326622D29F415DDB639634C822335A69CBFB73C4F15C727F81AB5DAAEB28D4836101
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2885107662.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_500000_SecuriteInfo.jbxd
                                                                                Similarity
                                                                                • API ID: _strcspn
                                                                                • String ID:
                                                                                • API String ID: 3709121408-0
                                                                                • Opcode ID: a270f87abe02f2c0d15b8a555bc9870d13f2bb2c82ad2b4afa4b150bf3d00f90
                                                                                • Instruction ID: 8dd565190577007614fc35cd251911fecdb1ba30c5b8b6f3f97c6865efa51ba0
                                                                                • Opcode Fuzzy Hash: a270f87abe02f2c0d15b8a555bc9870d13f2bb2c82ad2b4afa4b150bf3d00f90
                                                                                • Instruction Fuzzy Hash: DAC1B372E00119AFEF19DFA8DC45AEEBBB9FF48300F14462AF815A7251D734A951CB90
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2885107662.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_500000_SecuriteInfo.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 7d744fdfbd9a91d65b9bdb55e1c930e85854a094bdf8d8c2ae0f2c91c35393b2
                                                                                • Instruction ID: fef899bb6da42ae4ebb8a11985d325b4236926092602158b4a1e1b5023b660ff
                                                                                • Opcode Fuzzy Hash: 7d744fdfbd9a91d65b9bdb55e1c930e85854a094bdf8d8c2ae0f2c91c35393b2
                                                                                • Instruction Fuzzy Hash: 6561587124070A96EE385A28B899BBE2F99FBC1701F14C81AF84ECB9D1D611DD42F317
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2885107662.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_500000_SecuriteInfo.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 2849b40eeb28df7c93c2592ee12307aa9c0e51c4eb130316ef07e2ee059500cf
                                                                                • Instruction ID: f47fe2236a798e85016663c065e2c5af4fcf2b250aef0dd9dc83394fb20f6344
                                                                                • Opcode Fuzzy Hash: 2849b40eeb28df7c93c2592ee12307aa9c0e51c4eb130316ef07e2ee059500cf
                                                                                • Instruction Fuzzy Hash: 466159B52006099AFA385A68B89DBBF6F94BB81340F10C81AE94EDB1C1D7159D81F357
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2885107662.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_500000_SecuriteInfo.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 01848996d88e4be86252086441e3a0c27b2921f7e37471b9d8bcb48d1a91a811
                                                                                • Instruction ID: 5d4b91bd93d3f312add70bb2406463223bd0b5d83c5b92253c88abb497c9f924
                                                                                • Opcode Fuzzy Hash: 01848996d88e4be86252086441e3a0c27b2921f7e37471b9d8bcb48d1a91a811
                                                                                • Instruction Fuzzy Hash: 71514B712046466BEF394968B65A7BF2F9ABBC2300F18CD09E84EC7282D645DD45F353
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2885107662.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_500000_SecuriteInfo.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2885107662.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_500000_SecuriteInfo.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2885107662.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_500000_SecuriteInfo.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2885107662.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_500000_SecuriteInfo.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2885107662.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_500000_SecuriteInfo.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2885107662.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_500000_SecuriteInfo.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2885107662.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_500000_SecuriteInfo.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2885107662.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_500000_SecuriteInfo.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2885107662.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_500000_SecuriteInfo.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: 07850533e085e04cc9148dc9c522b96c92161fbb244900ecb4e781ed7aaa1cc1
                                                                                • Instruction ID: 0175a84465fae42a9b09c36866daa24769b70a117ecf7ee5505ef186ab0d9929
                                                                                • Opcode Fuzzy Hash: 07850533e085e04cc9148dc9c522b96c92161fbb244900ecb4e781ed7aaa1cc1
                                                                                • Instruction Fuzzy Hash: 84E0F6B0505204ABDB088F59E9547167AE4AB0A31CF24429DE8088F782D3B7D95B9BD9
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • StrStrIW.SHLWAPI(?,--set_log_lev=0,A0E3A5EF), ref: 0054A50D
                                                                                • StrStrIW.SHLWAPI(?,--set_log_lev=1), ref: 0054A52B
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2885107662.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                                                • Associated: 00000000.00000002.2885060160.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.2885230138.00000000005A5000.00000002.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.2885301699.00000000005CC000.00000004.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.2885301699.00000000005D8000.00000004.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.2885301699.00000000005DB000.00000004.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.2885301699.00000000005DF000.00000004.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.2885301699.00000000005EA000.00000004.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.2885557605.00000000005FA000.00000020.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.2885628884.000000000061E000.00000004.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.2885661460.0000000000624000.00000020.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.2886659998.0000000000D1E000.00000002.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.2886659998.0000000000D60000.00000002.00000001.01000000.00000003.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_500000_SecuriteInfo.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID: -------log reload switch$--reload_log_switch$--set_log_lev=0$--set_log_lev=1$--set_log_lev=2$--set_log_lev=3$.on
                                                                                • API String ID: 0-1871759157
                                                                                • Opcode ID: 07921534a5a692d46b66c5a38b9c1697bca6d62992c181c87889387b2072c53e
                                                                                • Instruction ID: 3a0e53256ef9771c1e11b1ed79c6a6c01800e7994c5a76fd7a929eef08c23f72
                                                                                • Opcode Fuzzy Hash: 07921534a5a692d46b66c5a38b9c1697bca6d62992c181c87889387b2072c53e
                                                                                • Instruction Fuzzy Hash: 65518C70A40609DFDB14DFA4D849FEEBFB8FF59708F144029E406A7291DB74AA04CBA1
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • _wcsstr.LIBVCRUNTIME ref: 0053046B
                                                                                  • Part of subcall function 00504BA0: std::locale::_Init.LIBCPMT ref: 00504C85
                                                                                  • Part of subcall function 005058C0: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00505931
                                                                                • PathAppendW.SHLWAPI(?,ComputerZ_CN.exe), ref: 005307B5
                                                                                  • Part of subcall function 0054A950: RtlEnterCriticalSection.NTDLL(005F7AA4), ref: 0054A98D
                                                                                  • Part of subcall function 0054A950: RtlLeaveCriticalSection.NTDLL(005F7AA4), ref: 0054AA1C
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2885107662.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_500000_SecuriteInfo.jbxd
                                                                                Similarity
                                                                                • API ID: CriticalSection$AppendEnterInitIos_base_dtorLeavePath_wcsstrstd::ios_base::_std::locale::_
                                                                                • String ID: (null)$ComputerZTray.exe cmd : $ComputerZTrayMainWnd$ComputerZTrayMainWndName$ComputerZ_CN.exe$[I]$computerZ_CN.exe cmd : $d:\jenkins\.jenkins\workspace\master_lu\inst_ui\inst_ui\mainwnd.cpp$softmgrrun
                                                                                • API String ID: 1735753686-3306360755
                                                                                • Opcode ID: 13fdcdde7c9a3beabda448eaa1705ab41e4220182e9bbeff44469fd01e92f375
                                                                                • Instruction ID: 000b02e525588172077f7ecc41228de7113b12b96f037b73e1ba52a34cd71bf1
                                                                                • Opcode Fuzzy Hash: 13fdcdde7c9a3beabda448eaa1705ab41e4220182e9bbeff44469fd01e92f375
                                                                                • Instruction Fuzzy Hash: C3E19170A006599FEB20EB68CC59BAEBFA4BF55314F4041D8E509A72C2DB749F84CF61
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • RtlEnterCriticalSection.NTDLL(005CC2CC), ref: 0053869F
                                                                                • RtlLeaveCriticalSection.NTDLL(005CC2CC), ref: 005386E7
                                                                                  • Part of subcall function 0054A950: RtlEnterCriticalSection.NTDLL(005F7AA4), ref: 0054A98D
                                                                                  • Part of subcall function 0054A950: RtlLeaveCriticalSection.NTDLL(005F7AA4), ref: 0054AA1C
                                                                                  • Part of subcall function 00504BA0: std::locale::_Init.LIBCPMT ref: 00504C85
                                                                                  • Part of subcall function 005058C0: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00505931
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2885107662.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_500000_SecuriteInfo.jbxd
                                                                                Similarity
                                                                                • API ID: CriticalSection$EnterLeave$InitIos_base_dtorstd::ios_base::_std::locale::_
                                                                                • String ID: (ms)$(null)$Set download timeout : $ShowWindowsTips, msg=$[I]$d:\jenkins\.jenkins\workspace\master_lu\inst_ui\inst_ui\progresspage.cpp$ldsdownstart$retry netbridge download
                                                                                • API String ID: 3495119352-3579008082
                                                                                • Opcode ID: 5c3e6897fcca1629dbfc99f8bfd0431f0e4e1768545546014c2001116e1ebd88
                                                                                • Instruction ID: be8d8e98ba37787d12dd173362e575f0113fcad01868a0b9d282165749c21ed5
                                                                                • Opcode Fuzzy Hash: 5c3e6897fcca1629dbfc99f8bfd0431f0e4e1768545546014c2001116e1ebd88
                                                                                • Instruction Fuzzy Hash: FBF1D531A00209EFEB14DBA4CC4ABBEBFB5BF94314F144159F505AB2C2DB749A45CB61
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                  • Part of subcall function 0054A950: RtlEnterCriticalSection.NTDLL(005F7AA4), ref: 0054A98D
                                                                                  • Part of subcall function 0054A950: RtlLeaveCriticalSection.NTDLL(005F7AA4), ref: 0054AA1C
                                                                                • InternetOpenW.WININET(00000000,00000000,00000000,00000000), ref: 00534AC1
                                                                                  • Part of subcall function 00504BA0: std::locale::_Init.LIBCPMT ref: 00504C85
                                                                                  • Part of subcall function 005058C0: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00505931
                                                                                • InternetConnectW.WININET(?,?,00000050,00000000,00000000,00000003,00000000,00000000), ref: 00534B8B
                                                                                • GetLastError.KERNEL32(?,00000003,00000000,005A5A3C,005A5A3E,?,005A5A3E,?,?,?,?,?,?,005A5A3C), ref: 00534C38
                                                                                • HttpOpenRequestW.WININET(?,005A5A30,?,?,00000000,00000000,?,00000000), ref: 00534CD6
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2885107662.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_500000_SecuriteInfo.jbxd
                                                                                Similarity
                                                                                • API ID: CriticalInternetOpenSection$ConnectEnterErrorHttpInitIos_base_dtorLastLeaveRequeststd::ios_base::_std::locale::_
                                                                                • String ID: 0ZZ$<ZZ$CWininetHttp::SendRequest$P$[I]$d:\jenkins\.jenkins\workspace\master_lu\inst_ui\inst_ui\net\wininet_tttp.cc
                                                                                • API String ID: 3237965293-4225159990
                                                                                • Opcode ID: a482abe954b3983455f34b0f8872416f2f6713374ad1b75d7cc0f238a3284ace
                                                                                • Instruction ID: adc9e1f4f0358ed817e2112d3c38fe22851f4a47abad3ce91c14d1d05f0098d9
                                                                                • Opcode Fuzzy Hash: a482abe954b3983455f34b0f8872416f2f6713374ad1b75d7cc0f238a3284ace
                                                                                • Instruction Fuzzy Hash: CE02B471A002199FEF24DF64CC99BDEBFB5BF45304F108199E809AB281DB74AA84CF51
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • std::locale::_Init.LIBCPMT ref: 00507010
                                                                                  • Part of subcall function 00545F9B: __EH_prolog3.LIBCMT ref: 00545FA2
                                                                                  • Part of subcall function 00545F9B: std::_Lockit::_Lockit.LIBCPMT ref: 00545FAD
                                                                                  • Part of subcall function 00545F9B: std::locale::_Setgloballocale.LIBCPMT ref: 00545FC8
                                                                                  • Part of subcall function 00545F9B: _Yarn.LIBCPMT ref: 00545FDE
                                                                                  • Part of subcall function 00545F9B: std::_Lockit::~_Lockit.LIBCPMT ref: 0054601E
                                                                                • std::_Lockit::_Lockit.LIBCPMT ref: 00507052
                                                                                • std::_Lockit::_Lockit.LIBCPMT ref: 00507074
                                                                                • std::_Lockit::~_Lockit.LIBCPMT ref: 00507094
                                                                                • std::_Facet_Register.LIBCPMT ref: 005070FA
                                                                                • std::_Lockit::~_Lockit.LIBCPMT ref: 00507116
                                                                                • std::ios_base::_Addstd.LIBCPMT ref: 0050716D
                                                                                  • Part of subcall function 0054647A: std::_Lockit::_Lockit.LIBCPMT ref: 00546483
                                                                                  • Part of subcall function 0054647A: std::_Lockit::~_Lockit.LIBCPMT ref: 005464BE
                                                                                • __CxxThrowException@8.LIBVCRUNTIME ref: 0050719A
                                                                                • __CxxThrowException@8.LIBVCRUNTIME ref: 005071DC
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2885107662.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_500000_SecuriteInfo.jbxd
                                                                                Similarity
                                                                                • API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Throwstd::locale::_$AddstdFacet_H_prolog3InitRegisterSetgloballocaleYarnstd::ios_base::_
                                                                                • String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
                                                                                • API String ID: 3620461746-1866435925
                                                                                • Opcode ID: 87a226bef55e4f93d9992a2c36687b36a8822554c6d380ef96f36f2876ce8f1c
                                                                                • Instruction ID: 952bcbec9f0214bad2651a0ce7649a8258a986a5df0cf24e664cc7fbc0c57e42
                                                                                • Opcode Fuzzy Hash: 87a226bef55e4f93d9992a2c36687b36a8822554c6d380ef96f36f2876ce8f1c
                                                                                • Instruction Fuzzy Hash: 35719AB1904A099FDB20DF64C889B9EBFF4FF58314F104519E8459B2D2EB75B908CB91
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • GetProcAddress.KERNEL32(?,Start), ref: 0053AA4E
                                                                                  • Part of subcall function 0054A950: RtlEnterCriticalSection.NTDLL(005F7AA4), ref: 0054A98D
                                                                                  • Part of subcall function 0054A950: RtlLeaveCriticalSection.NTDLL(005F7AA4), ref: 0054AA1C
                                                                                  • Part of subcall function 00504BA0: std::locale::_Init.LIBCPMT ref: 00504C85
                                                                                  • Part of subcall function 005058C0: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00505931
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2885107662.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_500000_SecuriteInfo.jbxd
                                                                                Similarity
                                                                                • API ID: CriticalSection$AddressEnterInitIos_base_dtorLeaveProcstd::ios_base::_std::locale::_
                                                                                • String ID: Start$[I]$d:\jenkins\.jenkins\workspace\master_lu\inst_ui\inst_ui\progresspage.cpp$error : inst /Start/ mainentry nullptr$error : inst dll module null!$inst dll out str : $ldsinsrun$run dll finish ret :
                                                                                • API String ID: 1645606805-1725509457
                                                                                • Opcode ID: 9deacdb6c355d09121fc8732b1c0d2207fd60e26fbafdfecbc688f24a89b126b
                                                                                • Instruction ID: b73d7ac66f6897e4fe20aebe454bfb3c842f8bfbcd93131012f56ec321d14343
                                                                                • Opcode Fuzzy Hash: 9deacdb6c355d09121fc8732b1c0d2207fd60e26fbafdfecbc688f24a89b126b
                                                                                • Instruction Fuzzy Hash: B0E1F530900209AFEB14EFA4CC4ABEEBFB5BF95304F144158F545AB2C2DB749A45DB91
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • __CxxThrowException@8.LIBVCRUNTIME ref: 005210B0
                                                                                • GetLastError.KERNEL32(0054CD4A,?,00000000,00000000,?,0054D297,?,0000FDE9), ref: 005210C0
                                                                                • RtlEnterCriticalSection.NTDLL(005CC2CC), ref: 0052112B
                                                                                • RtlLeaveCriticalSection.NTDLL(005CC2CC), ref: 00521179
                                                                                  • Part of subcall function 0054A950: RtlEnterCriticalSection.NTDLL(005F7AA4), ref: 0054A98D
                                                                                  • Part of subcall function 0054A950: RtlLeaveCriticalSection.NTDLL(005F7AA4), ref: 0054AA1C
                                                                                  • Part of subcall function 00504BA0: std::locale::_Init.LIBCPMT ref: 00504C85
                                                                                  • Part of subcall function 005058C0: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00505931
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2885107662.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_500000_SecuriteInfo.jbxd
                                                                                Similarity
                                                                                • API ID: CriticalSection$EnterLeave$ErrorException@8InitIos_base_dtorLastThrowstd::ios_base::_std::locale::_
                                                                                • String ID: PV$[I]$d:\jenkins\.jenkins\workspace\master_lu\inst_ui\inst_ui\dependence_file_downloader.cc$info : skip download filepath = $ios_base::badbit set$jUhHpZ$+
                                                                                • API String ID: 1129775457-965085232
                                                                                • Opcode ID: f1b1cee4344eed72cc12009f585c237ca9a23c6769183f7d68a7c2b9d4ecb6e4
                                                                                • Instruction ID: 15cba18c922fca3f646b5c1d78c846d09ff1f5c240895f163c6d52ee3105231d
                                                                                • Opcode Fuzzy Hash: f1b1cee4344eed72cc12009f585c237ca9a23c6769183f7d68a7c2b9d4ecb6e4
                                                                                • Instruction Fuzzy Hash: F181E371A006299FEF14DB64DC49BEEBFB5BF66300F1041A8E405A72C1DB749A84CB64
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • std::_Lockit::_Lockit.LIBCPMT ref: 00506313
                                                                                • std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 00506362
                                                                                • __Getctype.LIBCPMT ref: 0050637F
                                                                                • __Getcvt.LIBCPMT ref: 0050638F
                                                                                • std::_Locinfo::_Locinfo_dtor.LIBCPMT ref: 005063DE
                                                                                • std::_Lockit::~_Lockit.LIBCPMT ref: 00506476
                                                                                • __CxxThrowException@8.LIBVCRUNTIME ref: 005064A7
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2885107662.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_500000_SecuriteInfo.jbxd
                                                                                Similarity
                                                                                • API ID: std::_$Locinfo::_Lockit$Exception@8GetctypeGetcvtLocinfo_ctorLocinfo_dtorLockit::_Lockit::~_Throw
                                                                                • String ID: PUZ$bad locale name$pP$pP
                                                                                • API String ID: 3553424984-1600642475
                                                                                • Opcode ID: 6f309408be372ee7c51bc8037639c01aab34c0150736b7a3218ffc6aa2714cc1
                                                                                • Instruction ID: 2b9cc9a70592b0de80da56bac082c0004248d9a91c4ae66940589ff1dd059711
                                                                                • Opcode Fuzzy Hash: 6f309408be372ee7c51bc8037639c01aab34c0150736b7a3218ffc6aa2714cc1
                                                                                • Instruction Fuzzy Hash: 2A517CB0D007598BEF10DFA4C945BDEBFB8BF14314F144658E908AB282EB74AA44CB51
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • PathAppendW.SHLWAPI(?,ComputerZTray.exe), ref: 005305AD
                                                                                • PathAppendW.SHLWAPI(?,ComputerZ_CN.exe), ref: 005307B5
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2885107662.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_500000_SecuriteInfo.jbxd
                                                                                Similarity
                                                                                • API ID: AppendPath
                                                                                • String ID: (null)$ComputerZTray.exe$ComputerZ_CN.exe$[I]$computerZ_CN.exe cmd : $d:\jenkins\.jenkins\workspace\master_lu\inst_ui\inst_ui\mainwnd.cpp
                                                                                • API String ID: 3286331749-2628716026
                                                                                • Opcode ID: 4911492517e3980625b7f70236a3385a0632e1026f546dd9226e013ed273381f
                                                                                • Instruction ID: 60ab6d758951e64ff4c78d4b2d94a21552722e90c8d9b76ed093b1a820a62bcf
                                                                                • Opcode Fuzzy Hash: 4911492517e3980625b7f70236a3385a0632e1026f546dd9226e013ed273381f
                                                                                • Instruction Fuzzy Hash: 9CB1D771A007199FEB20DB68CC59B9EBBB8BF55310F0041D9E509A72D2DB749E84CF51
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • GetLastError.KERNEL32 ref: 00526E95
                                                                                • RtlEnterCriticalSection.NTDLL(?), ref: 00526EF3
                                                                                • RtlLeaveCriticalSection.NTDLL(?), ref: 00526F13
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2885107662.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_500000_SecuriteInfo.jbxd
                                                                                Similarity
                                                                                • API ID: CriticalSection$EnterErrorLastLeave
                                                                                • String ID: Module$Module_Raw$REGISTRY
                                                                                • API String ID: 4082018349-549000027
                                                                                • Opcode ID: e5a390950d77be662583c285e49e306147883162b64e00f85eebb6a91e9eb82c
                                                                                • Instruction ID: fce9fd0b86281579f5cd37e88e13360c5689277c6a423b3d09508ac7d068bdfa
                                                                                • Opcode Fuzzy Hash: e5a390950d77be662583c285e49e306147883162b64e00f85eebb6a91e9eb82c
                                                                                • Instruction Fuzzy Hash: 03A1C532A002298BCB24DB54ED85BEE77B8BF9A304F0001D9E90A97581EF359F84CF51
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • GetLastError.KERNEL32 ref: 0052726E
                                                                                • RtlEnterCriticalSection.NTDLL(?), ref: 005272CC
                                                                                • RtlLeaveCriticalSection.NTDLL(?), ref: 005272EC
                                                                                • RtlLeaveCriticalSection.NTDLL(?), ref: 00527488
                                                                                  • Part of subcall function 00524530: RtlEnterCriticalSection.NTDLL(?), ref: 0052453E
                                                                                  • Part of subcall function 00524530: RtlLeaveCriticalSection.NTDLL(?), ref: 0052454D
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2885107662.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_500000_SecuriteInfo.jbxd
                                                                                Similarity
                                                                                • API ID: CriticalSection$Leave$Enter$ErrorLast
                                                                                • String ID: Module$Module_Raw$REGISTRY
                                                                                • API String ID: 1688564333-549000027
                                                                                • Opcode ID: 4472496e735d63284b0c1b1fe0cb7e9c4c035989a0927472c3e4f614b66ed7f0
                                                                                • Instruction ID: 5d42c2b8a248487f4fe41cb4c4dc31d50d7eebaf4ff98f6653f6ffa4be9620f7
                                                                                • Opcode Fuzzy Hash: 4472496e735d63284b0c1b1fe0cb7e9c4c035989a0927472c3e4f614b66ed7f0
                                                                                • Instruction Fuzzy Hash: 0891C932A0422D8BCB24DB54EC85BEE7778BF9A300F0005A9E90A97581EF359F44DF91
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                  • Part of subcall function 0054A950: RtlEnterCriticalSection.NTDLL(005F7AA4), ref: 0054A98D
                                                                                  • Part of subcall function 0054A950: RtlLeaveCriticalSection.NTDLL(005F7AA4), ref: 0054AA1C
                                                                                • GetProcAddress.KERNEL32(00000000,RtlGetNtVersionNumbers), ref: 0053F1AD
                                                                                  • Part of subcall function 00504BA0: std::locale::_Init.LIBCPMT ref: 00504C85
                                                                                  • Part of subcall function 00507E20: __CxxThrowException@8.LIBVCRUNTIME ref: 005080BB
                                                                                  • Part of subcall function 005058C0: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00505931
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2885107662.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_500000_SecuriteInfo.jbxd
                                                                                Similarity
                                                                                • API ID: CriticalSection$AddressEnterException@8InitIos_base_dtorLeaveProcThrowstd::ios_base::_std::locale::_
                                                                                • String ID: (null)$,tip:$,title:$RtlGetNtVersionNumbers$[D]$d:\jenkins\.jenkins\workspace\master_lu\inst_ui\inst_ui\tray_icon\tray_icon.cc$info:$ntdll.dll
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • __EH_prolog3.LIBCMT ref: 00546B1F
                                                                                • std::_Lockit::_Lockit.LIBCPMT ref: 00546B29
                                                                                • int.LIBCPMT ref: 00546B40
                                                                                  • Part of subcall function 00546C5A: std::_Lockit::_Lockit.LIBCPMT ref: 00546C6B
                                                                                  • Part of subcall function 00546C5A: std::_Lockit::~_Lockit.LIBCPMT ref: 00546C85
                                                                                • std::locale::_Getfacet.LIBCPMT ref: 00546B49
                                                                                • numpunct.LIBCPMT ref: 00546B63
                                                                                • std::_Facet_Register.LIBCPMT ref: 00546B7A
                                                                                • std::_Lockit::~_Lockit.LIBCPMT ref: 00546B9A
                                                                                • __CxxThrowException@8.LIBVCRUNTIME ref: 00546BB8
                                                                                Strings
                                                                                Similarity
                                                                                • API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_GetfacetH_prolog3RegisterThrownumpunctstd::locale::_
                                                                                • String ID: ,y_
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00586E4B
                                                                                • __dosmaperr.LIBCMT ref: 00586E52
                                                                                • GetLastError.KERNEL32(00000001,00000000), ref: 00586E68
                                                                                • __dosmaperr.LIBCMT ref: 00586E71
                                                                                • GetLastError.KERNEL32 ref: 0058700D
                                                                                • __dosmaperr.LIBCMT ref: 00587014
                                                                                Strings
                                                                                Similarity
                                                                                • API ID: ErrorLast__dosmaperr
                                                                                • String ID: H${pX
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                  • Part of subcall function 0051ED80: SHGetValueW.SHLWAPI(80000002,SOFTWARE\Ludashi,Setup Path,00000001,?,?), ref: 0051EDED
                                                                                  • Part of subcall function 0051ED80: PathFileExistsW.SHLWAPI(?), ref: 0051EDFE
                                                                                • PathAppendW.SHLWAPI(?,ComputerZ_CN.exe), ref: 005307B5
                                                                                  • Part of subcall function 0052CF40: PathIsRelativeW.SHLWAPI(?,?,A0E3A5EF,00000000,00000000,?), ref: 0052CF84
                                                                                  • Part of subcall function 0052CF40: PathFileExistsW.SHLWAPI(?), ref: 0052D02D
                                                                                • RtlEnterCriticalSection.NTDLL(005CC2CC), ref: 005308AA
                                                                                • RtlLeaveCriticalSection.NTDLL(005CC2CC), ref: 005308F6
                                                                                Strings
                                                                                Similarity
                                                                                • API ID: Path$CriticalExistsFileSection$AppendEnterLeaveRelativeValue
                                                                                • String ID: (null)$ComputerZ_CN.exe$[I]$computerZ_CN.exe cmd : $d:\jenkins\.jenkins\workspace\master_lu\inst_ui\inst_ui\mainwnd.cpp
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • RegEnumKeyExW.ADVAPI32(00000000,00000000,?,00000104,00000000,00000000,00000000,?,80000002,SYSTEM\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002BE10318},00000008,A0E3A5EF,?,?), ref: 00570CE7
                                                                                • RegOpenKeyExW.ADVAPI32(00000000,?,00000000,00000001,?), ref: 00570D1E
                                                                                • RegQueryValueExW.ADVAPI32(?,BusType,00000000,?,?,?), ref: 00570D6F
                                                                                • RegCloseKey.ADVAPI32(?), ref: 00570E83
                                                                                • RegCloseKey.ADVAPI32(00000000), ref: 00570EC7
                                                                                Strings
                                                                                • BusType, xrefs: 00570D69
                                                                                • NetCfgInstanceId, xrefs: 00570DF9
                                                                                • SYSTEM\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002BE10318}, xrefs: 00570C87
                                                                                Similarity
                                                                                • API ID: Close$EnumOpenQueryValue
                                                                                • String ID: BusType$NetCfgInstanceId$SYSTEM\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002BE10318}
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                Strings
                                                                                Similarity
                                                                                • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_GetctypeGetcvtRegister
                                                                                • String ID: PUZ
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,?,?,?,00000000,00020006), ref: 00526287
                                                                                • CharNextW.USER32(?,?,?,Val), ref: 005262CB
                                                                                  • Part of subcall function 005253C0: RegCloseKey.ADVAPI32(00000000), ref: 00525447
                                                                                • RegCloseKey.ADVAPI32(00000000,?), ref: 005266F0
                                                                                  • Part of subcall function 005251B0: CharNextW.USER32(?,?,?,?), ref: 005251EE
                                                                                  • Part of subcall function 005251B0: CharNextW.USER32(00000000,?,?), ref: 0052521B
                                                                                  • Part of subcall function 005251B0: CharNextW.USER32(75BFA7D0,?,?), ref: 00525234
                                                                                  • Part of subcall function 005251B0: CharNextW.USER32(75BFA7D0,?,?), ref: 0052523F
                                                                                  • Part of subcall function 005251B0: CharNextW.USER32(?,?,?), ref: 005252AE
                                                                                Strings
                                                                                Similarity
                                                                                • API ID: CharNext$Close
                                                                                • String ID: Advapi32.dll$Val
                                                                                • API String ID: 3571514003-646274993
                                                                                • Opcode ID: 82e1293aa09237a4194c70cf1cc6792081607a693e68302b6112b6d052e8e21b
                                                                                • Instruction ID: 4a76d8dbacde5a96272953c0837ee3e1a3855e428d53dd772bbb7b315040d975
                                                                                • Opcode Fuzzy Hash: 82e1293aa09237a4194c70cf1cc6792081607a693e68302b6112b6d052e8e21b
                                                                                • Instruction Fuzzy Hash: D6D1C631901236A7DF359F94AC9CBAE7AB4BF56704F0001E9E905A72C0EB75DE84CE91
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • SHGetSpecialFolderPathW.SHELL32(00000000,?,0000001A,00000001,?,?,005374BE), ref: 00538F79
                                                                                • PathFileExistsW.SHLWAPI(?,?,?), ref: 00538FB0
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2885107662.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_500000_SecuriteInfo.jbxd
                                                                                Similarity
                                                                                • API ID: Path$ExistsFileFolderSpecial
                                                                                • String ID: (null)$Decided download url : $[I]$\ludashi\ludashisetup.exe$d:\jenkins\.jenkins\workspace\master_lu\inst_ui\inst_ui\progresspage.cpp
                                                                                • API String ID: 143618016-238558773
                                                                                • Opcode ID: d053c19e9f0cb99fb12b994dc02ce0ff518911689bc65a7f99fee3d5f47b8a96
                                                                                • Instruction ID: 33ad6b5753e955bb8d6a5f597b0b70b5f4f87b0f2554fbc96777f3e165086665
                                                                                • Opcode Fuzzy Hash: d053c19e9f0cb99fb12b994dc02ce0ff518911689bc65a7f99fee3d5f47b8a96
                                                                                • Instruction Fuzzy Hash: 3981A270A0021A9BDB28DF64CC8DBEEBBB5FF85304F1041A8E51957281DB759E85CF50
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • PathFileExistsW.SHLWAPI(?,A0E3A5EF), ref: 0053681C
                                                                                Strings
                                                                                • &cS, xrefs: 00536A24
                                                                                • [I], xrefs: 0053692A
                                                                                • recheck download file errno : , xrefs: 00536975
                                                                                • d:\jenkins\.jenkins\workspace\master_lu\inst_ui\inst_ui\progresspage.cpp, xrefs: 0053690E
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2885107662.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_500000_SecuriteInfo.jbxd
                                                                                Similarity
                                                                                • API ID: ExistsFilePath
                                                                                • String ID: &cS$[I]$d:\jenkins\.jenkins\workspace\master_lu\inst_ui\inst_ui\progresspage.cpp$recheck download file errno :
                                                                                • API String ID: 1174141254-2950647654
                                                                                • Opcode ID: 94eb0978164e853bb4fd3e32c7eb8e38c20de2f1471a0309ce7ab1d7cfbe52bc
                                                                                • Instruction ID: 22d9cb23ab4d1bb7aaefc40e79c82d2033e726a4aadd6ca48f5a4cf9f3c78f06
                                                                                • Opcode Fuzzy Hash: 94eb0978164e853bb4fd3e32c7eb8e38c20de2f1471a0309ce7ab1d7cfbe52bc
                                                                                • Instruction Fuzzy Hash: 7861E870A0060AAFEB14DF68CC49BAEBFB5FF45314F14812CE505AB2C1EB749A04CB50
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • std::locale::_Init.LIBCPMT ref: 00550315
                                                                                • std::ios_base::_Addstd.LIBCPMT ref: 005503B8
                                                                                • __CxxThrowException@8.LIBVCRUNTIME ref: 00550413
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2885107662.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_500000_SecuriteInfo.jbxd
                                                                                Similarity
                                                                                • API ID: AddstdException@8InitThrowstd::ios_base::_std::locale::_
                                                                                • String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set$Z
                                                                                • API String ID: 3446850132-1858054934
                                                                                • Opcode ID: 72b85157d5b727697cdaf18e4ef5d61b04b014efa136c35dfad925e506227203
                                                                                • Instruction ID: d0a08eb5b5aac5c0338381c800d166c7e603bc45bb3d1bcc431519afec29efbd
                                                                                • Opcode Fuzzy Hash: 72b85157d5b727697cdaf18e4ef5d61b04b014efa136c35dfad925e506227203
                                                                                • Instruction Fuzzy Hash: F2517AB09007459FEB10CF54C499B9ABBF0FF04304F14892EE85A9B781D7B6E908CB80
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • std::locale::_Init.LIBCPMT ref: 00509055
                                                                                • std::ios_base::_Addstd.LIBCPMT ref: 005090F8
                                                                                • __CxxThrowException@8.LIBVCRUNTIME ref: 00509153
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2885107662.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_500000_SecuriteInfo.jbxd
                                                                                Similarity
                                                                                • API ID: AddstdException@8InitThrowstd::ios_base::_std::locale::_
                                                                                • String ID: PVZ$ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
                                                                                • API String ID: 3446850132-3562885332
                                                                                • Opcode ID: 5f957d6937c2dbf437eeca988aeee5e913552705e076209012ef1367f9127fd1
                                                                                • Instruction ID: 877bd8c9521e8732778c2bd8acda26ac77eeadd30fe3855e9456c33dc639de83
                                                                                • Opcode Fuzzy Hash: 5f957d6937c2dbf437eeca988aeee5e913552705e076209012ef1367f9127fd1
                                                                                • Instruction Fuzzy Hash: 5C515BB0A007459FDB20CF55C599B9EBBF4FF04304F14852DE95A9B782E7B6A904CB80
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2885107662.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_500000_SecuriteInfo.jbxd
                                                                                Similarity
                                                                                • API ID: DeleteObject$Select
                                                                                • String ID: LkZ$lkZ$tkZ
                                                                                • API String ID: 207189511-688627206
                                                                                • Opcode ID: 2c8c836020b0c486a300e86540e5d806e7c4fb2e69851b4ec2ea5a8e9442b166
                                                                                • Instruction ID: b4eee622965f6ac41ae0701440b41d54ac2474bdfffe54c558a37c4507a80f3a
                                                                                • Opcode Fuzzy Hash: 2c8c836020b0c486a300e86540e5d806e7c4fb2e69851b4ec2ea5a8e9442b166
                                                                                • Instruction Fuzzy Hash: 8B513E70200A069FE315DF29CD59EA6FBF9FF94710F14861CA45AC76A1EB74E844CBA0
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • CreateCompatibleDC.GDI32(00000000), ref: 0051D19F
                                                                                • CreateCompatibleBitmap.GDI32(00000000), ref: 0051D1EF
                                                                                • SelectObject.GDI32(00000000,00000000), ref: 0051D203
                                                                                • SetViewportOrgEx.GDI32(?,?,?,00000000), ref: 0051D221
                                                                                • BitBlt.GDI32(?,?,?,?,?,?,?,?,00CC0020), ref: 0051D25E
                                                                                • SelectObject.GDI32(?,00000000), ref: 0051D26C
                                                                                • DeleteObject.GDI32(?), ref: 0051D279
                                                                                • DeleteDC.GDI32(?), ref: 0051D284
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2885107662.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_500000_SecuriteInfo.jbxd
                                                                                Similarity
                                                                                • API ID: Object$CompatibleCreateDeleteSelect$BitmapViewport
                                                                                • String ID:
                                                                                • API String ID: 1352937626-0
                                                                                • Opcode ID: 28c53853662a2889c266231abfec0b3459c8e2eeae50be10c3c52e9690639cfe
                                                                                • Instruction ID: e542afcafc6d06527019007871f444c88eaccdc95c698a49e0f5ec011c5ae88c
                                                                                • Opcode Fuzzy Hash: 28c53853662a2889c266231abfec0b3459c8e2eeae50be10c3c52e9690639cfe
                                                                                • Instruction Fuzzy Hash: ED712675D002189FEF21CF64C945BEEBBB8FF59300F108299E919AB251DB75A984CF60
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • __EH_prolog3.LIBCMT ref: 00546A79
                                                                                • std::_Lockit::_Lockit.LIBCPMT ref: 00546A83
                                                                                • int.LIBCPMT ref: 00546A9A
                                                                                  • Part of subcall function 00546C5A: std::_Lockit::_Lockit.LIBCPMT ref: 00546C6B
                                                                                  • Part of subcall function 00546C5A: std::_Lockit::~_Lockit.LIBCPMT ref: 00546C85
                                                                                • std::locale::_Getfacet.LIBCPMT ref: 00546AA3
                                                                                • ctype.LIBCPMT ref: 00546ABD
                                                                                • std::_Facet_Register.LIBCPMT ref: 00546AD4
                                                                                • std::_Lockit::~_Lockit.LIBCPMT ref: 00546AF4
                                                                                • __CxxThrowException@8.LIBVCRUNTIME ref: 00546B12
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2885107662.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                                                Similarity
                                                                                • API ID: std::_$Lockit$Lockit::_Lockit::~_$Exception@8Facet_GetfacetH_prolog3RegisterThrowctypestd::locale::_
                                                                                • String ID:
                                                                                • API String ID: 2696520298-0
                                                                                • Opcode ID: fc9196f52aa8a40ccfbef282372c05fc716db4281e55e285df0adced6b96252d
                                                                                • Instruction ID: e5e39b0fbb0a3561fd678c14c47d443ffac90df69233c61b03dd1f55321bd7a2
                                                                                • Opcode Fuzzy Hash: fc9196f52aa8a40ccfbef282372c05fc716db4281e55e285df0adced6b96252d
                                                                                • Instruction Fuzzy Hash: 05118C3290151A9BCF04EBA4C95AAFD7FB4BFC5718F244409E400A7292EF749A05DB92
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • __CxxThrowException@8.LIBVCRUNTIME ref: 00558909
                                                                                • __CxxThrowException@8.LIBVCRUNTIME ref: 0055894B
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2885107662.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                                                Similarity
                                                                                • API ID: Exception@8Throw
                                                                                • String ID: _|U$ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
                                                                                • API String ID: 2005118841-2737198327
                                                                                • Opcode ID: 8087e4317c810e1f10246e3894f35eaf1346b0f67abaeab76a75df9298b991a7
                                                                                • Instruction ID: 38a035f0c1f4b90293f1e52dd3c77a80a83e38e8d2d2187e8c3276ba1f2b06f9
                                                                                • Opcode Fuzzy Hash: 8087e4317c810e1f10246e3894f35eaf1346b0f67abaeab76a75df9298b991a7
                                                                                • Instruction Fuzzy Hash: 2F61BF71A006049FDB10CF58C495FA9BBF4FF59315F64846AE905AB292EB36ED06CB80
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • std::locale::_Init.LIBCPMT ref: 0054F2C7
                                                                                  • Part of subcall function 00545F9B: __EH_prolog3.LIBCMT ref: 00545FA2
                                                                                  • Part of subcall function 00545F9B: std::_Lockit::_Lockit.LIBCPMT ref: 00545FAD
                                                                                  • Part of subcall function 00545F9B: std::locale::_Setgloballocale.LIBCPMT ref: 00545FC8
                                                                                  • Part of subcall function 00545F9B: _Yarn.LIBCPMT ref: 00545FDE
                                                                                  • Part of subcall function 00545F9B: std::_Lockit::~_Lockit.LIBCPMT ref: 0054601E
                                                                                • std::ios_base::_Addstd.LIBCPMT ref: 0054F361
                                                                                • __CxxThrowException@8.LIBVCRUNTIME ref: 0054F3BA
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2885107662.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                                                Similarity
                                                                                • API ID: Lockitstd::_std::locale::_$AddstdException@8H_prolog3InitLockit::_Lockit::~_SetgloballocaleThrowYarnstd::ios_base::_
                                                                                • String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
                                                                                • API String ID: 1794802768-1866435925
                                                                                • Opcode ID: 69977afdac46423d6983d3b0ab4065c7481cdcfffd6794d19057143bbe83cbe7
                                                                                • Instruction ID: c003d2cdb9653bd0413828cdeabd4e5ff60a0b29249199616d3fc9da735dceee
                                                                                • Opcode Fuzzy Hash: 69977afdac46423d6983d3b0ab4065c7481cdcfffd6794d19057143bbe83cbe7
                                                                                • Instruction Fuzzy Hash: 0D41B5B1900B059FE720CF64C449B9BFBF4FF45318F148A2DE4569B681E7B5A944CB81
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • std::_Lockit::_Lockit.LIBCPMT ref: 00508D81
                                                                                • std::_Lockit::_Lockit.LIBCPMT ref: 00508D9F
                                                                                • std::_Lockit::~_Lockit.LIBCPMT ref: 00508DBF
                                                                                • std::_Facet_Register.LIBCPMT ref: 00508E93
                                                                                • std::_Lockit::~_Lockit.LIBCPMT ref: 00508EAB
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2885107662.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                                                Similarity
                                                                                • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_Register
                                                                                • String ID: PUZ
                                                                                • API String ID: 459529453-3750749785
                                                                                • Opcode ID: c40fe082136b64fcd460411f8224fc8bb64ed16426c84352c56158db69712e27
                                                                                • Instruction ID: b03ce4fecbff543d8a36dc5c380d3e02eaaf634f631fe8f43c1d0e7ef2f88f82
                                                                                • Opcode Fuzzy Hash: c40fe082136b64fcd460411f8224fc8bb64ed16426c84352c56158db69712e27
                                                                                • Instruction Fuzzy Hash: 8741AD719006199BCB20CF58C880BBEBFB8FB54714F144569E845AB392EB70AE05DB91
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • std::_Lockit::_Lockit.LIBCPMT ref: 00508C21
                                                                                • std::_Lockit::_Lockit.LIBCPMT ref: 00508C3F
                                                                                • std::_Lockit::~_Lockit.LIBCPMT ref: 00508C5F
                                                                                • std::_Facet_Register.LIBCPMT ref: 00508D16
                                                                                • std::_Lockit::~_Lockit.LIBCPMT ref: 00508D2E
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2885107662.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                                                Similarity
                                                                                • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_Register
                                                                                • String ID: PUZ
                                                                                • API String ID: 459529453-3750749785
                                                                                • Opcode ID: e0e58cac54be535ce8ebf72ece066e74561e90cccf934cab7808fdcd5e3c9a02
                                                                                • Instruction ID: 85b779d0018be0dbe23dc49e7559cd845c520b3854a1cd8009a388b4876b90b0
                                                                                • Opcode Fuzzy Hash: e0e58cac54be535ce8ebf72ece066e74561e90cccf934cab7808fdcd5e3c9a02
                                                                                • Instruction Fuzzy Hash: 2B41EF719016099BDB11DF58C880BBEBFB4FB64714F248569E8469B2C2EB30AD05DBA1
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • GetProcAddress.KERNEL32(00000000), ref: 0056ECD7
                                                                                • GetProcAddress.KERNEL32(00000000), ref: 0056ED1C
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2885107662.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                                                Similarity
                                                                                • API ID: AddressProc
                                                                                • String ID: IsWow64Process$RtlGetVersion$kernel32$ntdll
                                                                                • API String ID: 190572456-1059190566
                                                                                • Opcode ID: e4086d1b6103760a1d4189ece884653bdaf0f79bc6d7110abdde96cf48830d65
                                                                                • Instruction ID: 3122e6a2bf2ae96461106b72195880731eb6223ee3f2028e617d6061c5eb4b19
                                                                                • Opcode Fuzzy Hash: e4086d1b6103760a1d4189ece884653bdaf0f79bc6d7110abdde96cf48830d65
                                                                                • Instruction Fuzzy Hash: 04317275D4121DAADB20EF64CC86FDA7BB8FB45700F404099A60CA7282DB74BE44DF91
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2885107662.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                                                Similarity
                                                                                • API ID: _wcschr
                                                                                • String ID:
                                                                                • API String ID: 2691759472-0
                                                                                • Opcode ID: 461dfaf79842862da8291183fa1913b92abf0066092f3c2c92e8aef6cc4b21f3
                                                                                • Instruction ID: d9386db05da9252395d125fce97089e5d9c535af8e596d8a1bb6f3cae2a6d0f8
                                                                                • Opcode Fuzzy Hash: 461dfaf79842862da8291183fa1913b92abf0066092f3c2c92e8aef6cc4b21f3
                                                                                • Instruction Fuzzy Hash: EB31B331B411224BDE2859B8E91E73CBFC8BF02726F84493CA95BE75C7D7689C404B41
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • RtlEnterCriticalSection.NTDLL(005F84A8), ref: 0056E85E
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2885107662.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_500000_SecuriteInfo.jbxd
                                                                                Similarity
                                                                                • API ID: CriticalEnterSection
                                                                                • String ID: %s,%x,%s$GenuineIntel,806f8,Intel(R) Core(TM)2 CPU 6600 @ 2.40 GHz$GenuineIotel
                                                                                • API String ID: 1904992153-2334671515
                                                                                • Opcode ID: 98e931bd50f28300825637059e1669ccac2cb736d1fe8e61d7286dfd263778bc
                                                                                • Instruction ID: 04e2150f1c8056e36d8858cf7ca91aac839f4a1697436ceab4733af891fbe8b4
                                                                                • Opcode Fuzzy Hash: 98e931bd50f28300825637059e1669ccac2cb736d1fe8e61d7286dfd263778bc
                                                                                • Instruction Fuzzy Hash: E5414D71D002199FDB10CFA4DD45BA9BBF8FB49314F14826AE548E7251EB74AA88CF50
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2885107662.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_500000_SecuriteInfo.jbxd
                                                                                Similarity
                                                                                • API ID: CharNext
                                                                                • String ID:
                                                                                • API String ID: 3213498283-0
                                                                                • Opcode ID: f8d01454c808e6025e2ec997fdbec895017eb95d4d60fe74ea4d1699fce0c691
                                                                                • Instruction ID: 248acb9db4ca5b65cd14463a0020391fecbd17ec4ac4db0ce8d57271d2362ed0
                                                                                • Opcode Fuzzy Hash: f8d01454c808e6025e2ec997fdbec895017eb95d4d60fe74ea4d1699fce0c691
                                                                                • Instruction Fuzzy Hash: 77D1B571900239DBDB28DB24DC49BE9BB79BF59300F1144A9EA09A72D1D7309E95CF90
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • CharNextW.USER32(?,?,?,?), ref: 005251EE
                                                                                • CharNextW.USER32(00000000,?,?), ref: 0052521B
                                                                                • CharNextW.USER32(75BFA7D0,?,?), ref: 00525234
                                                                                • CharNextW.USER32(75BFA7D0,?,?), ref: 0052523F
                                                                                • CharNextW.USER32(?,?,?), ref: 005252AE
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2885107662.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_500000_SecuriteInfo.jbxd
                                                                                Similarity
                                                                                • API ID: CharNext
                                                                                • String ID:
                                                                                • API String ID: 3213498283-0
                                                                                • Opcode ID: 6a0ca1093896ffc7f9ed94e9b2b46bb6af1ceff3cc25a90b95a9b06240ff3589
                                                                                • Instruction ID: 5a7fc3f038e0c225f3972be34074dae1c53aaced0796d53e2064f973cd7b5962
                                                                                • Opcode Fuzzy Hash: 6a0ca1093896ffc7f9ed94e9b2b46bb6af1ceff3cc25a90b95a9b06240ff3589
                                                                                • Instruction Fuzzy Hash: 0841F33A600625DFCB10DF68E880679BBF2FFAA311BA4446AE545C7394F7749D41CB90
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • SetBkColor.GDI32(?,00E7E5E4), ref: 00514DE2
                                                                                • ExtTextOutW.GDI32(?,00000000,00000000,00000002,?,00000000,00000000,00000000), ref: 00514DFF
                                                                                • SetBkColor.GDI32(?,?), ref: 00514E0B
                                                                                • SetBkMode.GDI32(?,00000001), ref: 00514E12
                                                                                • SetTextColor.GDI32(?,00333333), ref: 00514E20
                                                                                • SelectObject.GDI32(?,?), ref: 00514E60
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2885107662.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_500000_SecuriteInfo.jbxd
                                                                                Similarity
                                                                                • API ID: Color$Text$ModeObjectSelect
                                                                                • String ID:
                                                                                • API String ID: 3289356061-0
                                                                                • Opcode ID: 1b2033e8eba80365501b7933789b4bcdb004a0d6ef51fd83a254fc595fb26902
                                                                                • Instruction ID: 40d20af470871b118da3f8017289447623e136e3a2a03d53b1cdb471c84d7dd8
                                                                                • Opcode Fuzzy Hash: 1b2033e8eba80365501b7933789b4bcdb004a0d6ef51fd83a254fc595fb26902
                                                                                • Instruction Fuzzy Hash: 43212970A00308ABEF119BA0CC46FED7F79BB18704F148528E619EB1A1E6659955EF11
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • __CreateFrameInfo.LIBCMT ref: 00612ACD
                                                                                  • Part of subcall function 0060E1D3: __getptd.LIBCMT ref: 0060E1E1
                                                                                  • Part of subcall function 0060E1D3: __getptd.LIBCMT ref: 0060E1EF
                                                                                • __getptd.LIBCMT ref: 00612AD7
                                                                                  • Part of subcall function 0060F0C1: __amsg_exit.LIBCMT ref: 0060F0D1
                                                                                • __getptd.LIBCMT ref: 00612AE5
                                                                                • __getptd.LIBCMT ref: 00612AF3
                                                                                • __getptd.LIBCMT ref: 00612AFE
                                                                                • _CallCatchBlock2.LIBCMT ref: 00612B24
                                                                                  • Part of subcall function 0060E278: __CallSettingFrame@12.LIBCMT ref: 0060E2C4
                                                                                  • Part of subcall function 00612BCB: __getptd.LIBCMT ref: 00612BDA
                                                                                  • Part of subcall function 00612BCB: __getptd.LIBCMT ref: 00612BE8
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2885557605.00000000005FA000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_500000_SecuriteInfo.jbxd
                                                                                Similarity
                                                                                • API ID: __getptd$Call$Block2CatchCreateFrameFrame@12InfoSetting__amsg_exit
                                                                                • String ID:
                                                                                • API String ID: 3688206559-0
                                                                                • Opcode ID: 0ceadb88447b0e19f414d7405efa72617ac352eee67af5962e0ac293f8fa2db2
                                                                                • Instruction ID: c64c9245800676c88c2e21d0cd95cae6c725f51a4d364267cff82598e1986fd8
                                                                                • Opcode Fuzzy Hash: 0ceadb88447b0e19f414d7405efa72617ac352eee67af5962e0ac293f8fa2db2
                                                                                • Instruction Fuzzy Hash: 5D111C71C40209DFDF54EFA4C445AEE7BB2FF04314F10886AF814A7292DB399A519F64
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Strings
                                                                                • ludashi\, xrefs: 0051C943
                                                                                • https://www.ludashi.com/page/contact.php, xrefs: 0051C8A9
                                                                                • https://www.ludashi.com, xrefs: 0051CA14
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2885107662.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_500000_SecuriteInfo.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID: https://www.ludashi.com$https://www.ludashi.com/page/contact.php$ludashi\
                                                                                • API String ID: 0-142420814
                                                                                • Opcode ID: 60c02ed7819154253fa6e04877dd338cab621ec6e5a1b2d995029eed76a200af
                                                                                • Instruction ID: 904a8dddcd55b3b4771a10fe993aed25fadc431b9887073e899c93dbc263c4aa
                                                                                • Opcode Fuzzy Hash: 60c02ed7819154253fa6e04877dd338cab621ec6e5a1b2d995029eed76a200af
                                                                                • Instruction Fuzzy Hash: F1A16D74940119DBEF25DF24CC89BE97FA4FF54310F1482A9E909AB291E7729E84CF90
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • __CxxThrowException@8.LIBVCRUNTIME ref: 0054ECF9
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2885107662.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                                                • Associated: 00000000.00000002.2885060160.0000000000500000.00000002.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.2885230138.00000000005A5000.00000002.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.2885301699.00000000005CC000.00000004.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.2885301699.00000000005D8000.00000004.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.2885301699.00000000005DB000.00000004.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.2885301699.00000000005DF000.00000004.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.2885301699.00000000005EA000.00000004.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.2885557605.00000000005FA000.00000020.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.2885628884.000000000061E000.00000004.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.2885661460.0000000000624000.00000020.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.2886659998.0000000000D1E000.00000002.00000001.01000000.00000003.sdmp
                                                                                • Associated: 00000000.00000002.2886659998.0000000000D60000.00000002.00000001.01000000.00000003.sdmp
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_500000_SecuriteInfo.jbxd
                                                                                Similarity
                                                                                • API ID: Exception@8Throw
                                                                                • String ID: H)Z$ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
                                                                                • API String ID: 2005118841-3676533627
                                                                                • Opcode ID: 77814bfa87adb5a2eb94609b3808f5720cbc4a2cbe2bb5764c47e562a33bc018
                                                                                • Instruction ID: b1be0be6af0befabf612abb706b4582258fce01106b6920f8f083ab62166d4fa
                                                                                • Opcode Fuzzy Hash: 77814bfa87adb5a2eb94609b3808f5720cbc4a2cbe2bb5764c47e562a33bc018
                                                                                • Instruction Fuzzy Hash: 31918C75A00205CFDB15CF68C896BE9BBB1FF49318F258698E8169B392D731EC45CB90
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • __CxxThrowException@8.LIBVCRUNTIME ref: 00504B61
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2885107662.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_500000_SecuriteInfo.jbxd
                                                                                Similarity
                                                                                • API ID: Exception@8Throw
                                                                                • String ID: `XPU$ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
                                                                                • API String ID: 2005118841-3256881563
                                                                                • Opcode ID: ee9462db898b68f2eca96d163caa1f70312f3da5fe5c3691dcdd45080fed82d5
                                                                                • Instruction ID: 1b01ba18129ca43757aa8fbf244538f85973ed8b918cfdbe63d1c42be5649278
                                                                                • Opcode Fuzzy Hash: ee9462db898b68f2eca96d163caa1f70312f3da5fe5c3691dcdd45080fed82d5
                                                                                • Instruction Fuzzy Hash: D98143B5A006158FDB20CF58C580B6ABBE5FF49304F2585A9EA059B3A2D731EC41CF90
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • __CxxThrowException@8.LIBVCRUNTIME ref: 005053EB
                                                                                • ___std_exception_copy.LIBVCRUNTIME ref: 0050541F
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2885107662.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_500000_SecuriteInfo.jbxd
                                                                                Similarity
                                                                                • API ID: Exception@8Throw___std_exception_copy
                                                                                • String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
                                                                                • API String ID: 284963293-1866435925
                                                                                • Opcode ID: 5c6faea3d72a6361aabfd9de7fdeea027c4da653eb0c8acce2fe2ce9dcea34af
                                                                                • Instruction ID: 8669394b6af4d22ac39185e9f6a597d41479207f3dbdfe02ba2af8a5b77680e7
                                                                                • Opcode Fuzzy Hash: 5c6faea3d72a6361aabfd9de7fdeea027c4da653eb0c8acce2fe2ce9dcea34af
                                                                                • Instruction Fuzzy Hash: 0E519575A00A059FCB24CF68C584FAEBBE4FF59314F588569E9099B792E771ED00CB80
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • PathFileExistsW.SHLWAPI(?,?,?,00000001), ref: 0051F411
                                                                                • PathFileExistsW.SHLWAPI(?,?,?,?,00000001), ref: 0051F41C
                                                                                • PathFileExistsW.SHLWAPI(?,?,?,?,00000001), ref: 0051F44A
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2885107662.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_500000_SecuriteInfo.jbxd
                                                                                Similarity
                                                                                • API ID: ExistsFilePath
                                                                                • String ID: %c:\.temp$%s\lds-%u.tmp
                                                                                • API String ID: 1174141254-2733413842
                                                                                • Opcode ID: 372068944cdf6a9e58a15cef85e09b39364bfc99a9efc85ccb0420359eadb1a3
                                                                                • Instruction ID: a794ea14c681ad61dfe01eb024a3023274e7cbbd89cfe78e46d15093f85cd614
                                                                                • Opcode Fuzzy Hash: 372068944cdf6a9e58a15cef85e09b39364bfc99a9efc85ccb0420359eadb1a3
                                                                                • Instruction Fuzzy Hash: C331ACB5A4121D66EF20E7649C8AFFE776CFF44714F4040B6BA08E60C2EA75CD849761
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • SHGetValueW.SHLWAPI(80000002,SOFTWARE\Ludashi,Setup Path,00000001,?,?,?,?,A0E3A5EF,00000000,?), ref: 0052C84A
                                                                                • SHGetSpecialFolderPathW.SHELL32(00000000,?,00000026,00000001,LuDaShi,?,?,A0E3A5EF,00000000,?), ref: 0052C8B3
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2885107662.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_500000_SecuriteInfo.jbxd
                                                                                Similarity
                                                                                • API ID: FolderPathSpecialValue
                                                                                • String ID: LuDaShi$SOFTWARE\Ludashi$Setup Path
                                                                                • API String ID: 105576990-2052645913
                                                                                • Opcode ID: 2b172888b597ce7bb3850440a420d56d3bb3c9c741a7afea00966f3ead2f9932
                                                                                • Instruction ID: 5dedbbf98e99c10054b7fc175226e16a8020ce9e1d331440096e368d1b47cd52
                                                                                • Opcode Fuzzy Hash: 2b172888b597ce7bb3850440a420d56d3bb3c9c741a7afea00966f3ead2f9932
                                                                                • Instruction Fuzzy Hash: 91416F75A0021DABDB14DF58DC49FAEBBF8FB09710F0001A9FA15A7681DB74AA44CF51
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • GetProcAddress.KERNEL32(00000000,RegOpenKeyTransactedW), ref: 005253F7
                                                                                • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,00000000), ref: 00525434
                                                                                • RegCloseKey.ADVAPI32(00000000), ref: 00525447
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2885107662.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_500000_SecuriteInfo.jbxd
                                                                                Similarity
                                                                                • API ID: AddressCloseOpenProc
                                                                                • String ID: Advapi32.dll$RegOpenKeyTransactedW
                                                                                • API String ID: 1854097376-3913318428
                                                                                • Opcode ID: 3ff4d47bf684d925abaeb6065f451c2bd27d2e05f4e6b7ff93a1398447560408
                                                                                • Instruction ID: 17dc01b01b22d708b2d6d1ebf2a298e26202b1a7c90fe10981180dd5283268e7
                                                                                • Opcode Fuzzy Hash: 3ff4d47bf684d925abaeb6065f451c2bd27d2e05f4e6b7ff93a1398447560408
                                                                                • Instruction Fuzzy Hash: 1F116D31604619FBDF149F55EC04BAABFA9FF5A701F108429F904D6190E7B1D990EB90
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • __CxxThrowException@8.LIBVCRUNTIME ref: 00506AEA
                                                                                • __CxxThrowException@8.LIBVCRUNTIME ref: 00506B2C
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2885107662.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_500000_SecuriteInfo.jbxd
                                                                                Similarity
                                                                                • API ID: Exception@8Throw
                                                                                • String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
                                                                                • API String ID: 2005118841-1866435925
                                                                                • Opcode ID: 301bcc4d683bfb3d2ae9127dd97790553d83835b4512760e55c1449a087f9837
                                                                                • Instruction ID: 957123304c3ab4cca4b7b7e8c46c6a2c02e701071853f2f2e76d71bb586f60d1
                                                                                • Opcode Fuzzy Hash: 301bcc4d683bfb3d2ae9127dd97790553d83835b4512760e55c1449a087f9837
                                                                                • Instruction Fuzzy Hash: 72F0F4B2D006186ADB10E998C84AFEE7F98BB14300F448465FA54AB1C3FA659C11CB91
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2885557605.00000000005FA000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                                                Similarity
                                                                                • API ID: __getptd$__amsg_exit
                                                                                • String ID: MOC$csm
                                                                                • API String ID: 1969926928-1389381023
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • std::_Lockit::_Lockit.LIBCPMT ref: 00520E8F
                                                                                • std::_Lockit::_Lockit.LIBCPMT ref: 00520EB1
                                                                                • std::_Lockit::~_Lockit.LIBCPMT ref: 00520ED1
                                                                                • std::_Facet_Register.LIBCPMT ref: 00520F75
                                                                                • std::_Lockit::~_Lockit.LIBCPMT ref: 00520F8D
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2885107662.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                                                Similarity
                                                                                • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_Register
                                                                                • String ID:
                                                                                • API String ID: 459529453-0
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • MultiByteToWideChar.KERNEL32(?,00000000,?,?,00000000,00000000,?,00000000,?,00000000,00000000,?,006143AF,00000001,00000000,?), ref: 0061426B
                                                                                • _memset.LIBCMT ref: 006142C0
                                                                                • MultiByteToWideChar.KERNEL32(00000000,00000001,?,00000000,00000000,00000000,?,?,?,00000000,00000001,?), ref: 006142D5
                                                                                • __freea.LIBCMT ref: 006142ED
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2885557605.00000000005FA000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                                                Similarity
                                                                                • API ID: ByteCharMultiWide$__freea_memset
                                                                                • String ID:
                                                                                • API String ID: 2568176243-0
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • PathFileExistsW.SHLWAPI(00000010,?,?,?,?), ref: 0052CDF8
                                                                                • SHCreateDirectoryExW.SHELL32(00000000,00000010,00000000,?,?,?,?), ref: 0052CE05
                                                                                • GetLastError.KERNEL32(?,?,?,?), ref: 0052CEBF
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2885107662.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                                                Similarity
                                                                                • API ID: CreateDirectoryErrorExistsFileLastPath
                                                                                • String ID: list<T> too long
                                                                                • API String ID: 3074648623-4027344264
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2885107662.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
                                                                                • API String ID: 0-1866435925
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • __CxxThrowException@8.LIBVCRUNTIME ref: 0055548D
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2885107662.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                                                Similarity
                                                                                • API ID: Exception@8Throw
                                                                                • String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
                                                                                • API String ID: 2005118841-1866435925
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                  • Part of subcall function 00506F80: std::locale::_Init.LIBCPMT ref: 00507010
                                                                                  • Part of subcall function 00506F80: std::_Lockit::_Lockit.LIBCPMT ref: 00507052
                                                                                  • Part of subcall function 00506F80: std::_Lockit::_Lockit.LIBCPMT ref: 00507074
                                                                                  • Part of subcall function 00506F80: std::_Lockit::~_Lockit.LIBCPMT ref: 00507094
                                                                                • std::locale::_Init.LIBCPMT ref: 00504C85
                                                                                  • Part of subcall function 00545F9B: __EH_prolog3.LIBCMT ref: 00545FA2
                                                                                  • Part of subcall function 00545F9B: std::_Lockit::_Lockit.LIBCPMT ref: 00545FAD
                                                                                  • Part of subcall function 00545F9B: std::locale::_Setgloballocale.LIBCPMT ref: 00545FC8
                                                                                  • Part of subcall function 00545F9B: _Yarn.LIBCPMT ref: 00545FDE
                                                                                  • Part of subcall function 00545F9B: std::_Lockit::~_Lockit.LIBCPMT ref: 0054601E
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2885107662.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                                                Similarity
                                                                                • API ID: Lockitstd::_$Lockit::_std::locale::_$InitLockit::~_$H_prolog3SetgloballocaleYarn
                                                                                • String ID: PVZ$[%4d] $[%4d][%s]
                                                                                • API String ID: 4251128524-103921103
                                                                                • Opcode ID: 194670f70b280bbf15cb10f7de54f772906bd587ad9c2e25dba76a98b10a1080
                                                                                • Instruction ID: f01aaecbb6164da511d5784a7eccfaf6d3eb50a412c69e2834292e51fba40732
                                                                                • Opcode Fuzzy Hash: 194670f70b280bbf15cb10f7de54f772906bd587ad9c2e25dba76a98b10a1080
                                                                                • Instruction Fuzzy Hash: 0A813BB0900609DFDB14DF68C885B9EBBF4FF05304F5045AAE9199B286E771EA44CF90
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                  • Part of subcall function 00508BF0: std::_Lockit::_Lockit.LIBCPMT ref: 00508C21
                                                                                  • Part of subcall function 00508BF0: std::_Lockit::_Lockit.LIBCPMT ref: 00508C3F
                                                                                  • Part of subcall function 00508BF0: std::_Lockit::~_Lockit.LIBCPMT ref: 00508C5F
                                                                                  • Part of subcall function 00508BF0: std::_Lockit::~_Lockit.LIBCPMT ref: 00508D2E
                                                                                • __CxxThrowException@8.LIBVCRUNTIME ref: 0050A1FC
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2885107662.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_500000_SecuriteInfo.jbxd
                                                                                Similarity
                                                                                • API ID: Lockitstd::_$Lockit::_Lockit::~_$Exception@8Throw
                                                                                • String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
                                                                                • API String ID: 2777619170-1866435925
                                                                                • Opcode ID: 3e9cbf0e42e20a2a0b15c12e8807fdbb3c6b8270926ec958c0258a068ee5a904
                                                                                • Instruction ID: 4e45cf145115d7e578108526b7bcc71d34b9ec5f6176dbdabd0efd3b9cd803bd
                                                                                • Opcode Fuzzy Hash: 3e9cbf0e42e20a2a0b15c12e8807fdbb3c6b8270926ec958c0258a068ee5a904
                                                                                • Instruction Fuzzy Hash: B851AD71A00249AFDF00CFA8C885FADBBF4BF59304F1440A9E905AB392D7759D44CB91
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • RtlEnterCriticalSection.NTDLL(?), ref: 0050472B
                                                                                • RtlLeaveCriticalSection.NTDLL(?), ref: 005048BB
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2885107662.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_500000_SecuriteInfo.jbxd
                                                                                Similarity
                                                                                • API ID: CriticalSection$EnterLeave
                                                                                • String ID: 0$ATL:%p
                                                                                • API String ID: 3168844106-2453800769
                                                                                • Opcode ID: 6bc560cd5e6218d4f1a7d75a2c0892cd5f8bcdcaa303e7ba533b0fa0932ebea4
                                                                                • Instruction ID: e9c3c39dd8ea69117b1eeed34bb264b55d71fab21beaa095dc9edbb2868b2338
                                                                                • Opcode Fuzzy Hash: 6bc560cd5e6218d4f1a7d75a2c0892cd5f8bcdcaa303e7ba533b0fa0932ebea4
                                                                                • Instruction Fuzzy Hash: 8141A271D00B05ABDB20DF69C544AAAB7F8FF18300F408A1DEA9997651E730F584CF50
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • GetProcAddress.KERNEL32(?,RegCreateKeyTransactedW), ref: 0052635E
                                                                                • RegCloseKey.ADVAPI32(?,?,00000000,00000000,00000000,0002001F,00000000,00000000,?), ref: 005263DA
                                                                                • RegCloseKey.ADVAPI32(00000000,?), ref: 005266F0
                                                                                Strings
                                                                                • RegCreateKeyTransactedW, xrefs: 00526358
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2885107662.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_500000_SecuriteInfo.jbxd
                                                                                Similarity
                                                                                • API ID: Close$AddressProc
                                                                                • String ID: RegCreateKeyTransactedW
                                                                                • API String ID: 2984206060-232142346
                                                                                • Opcode ID: c29c9571a1df907adefb98dfeddd21533eb89290c5dc05b31a9c16b1c7269dff
                                                                                • Instruction ID: 2835df7285c5e4fca4824cca385c836a8e328112fa76f031fe022622ff8e6176
                                                                                • Opcode Fuzzy Hash: c29c9571a1df907adefb98dfeddd21533eb89290c5dc05b31a9c16b1c7269dff
                                                                                • Instruction Fuzzy Hash: 9D31E631A0023667DF359B54AC59B7A7B78FF56744F10046DE902A72C0EB75EE40CA50
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • GetProcAddress.KERNEL32(00000000,RtlGetNtVersionNumbers), ref: 0051F16B
                                                                                  • Part of subcall function 00503560: __CxxThrowException@8.LIBVCRUNTIME ref: 00503577
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2885107662.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_500000_SecuriteInfo.jbxd
                                                                                Similarity
                                                                                • API ID: AddressException@8ProcThrow
                                                                                • String ID: %d.%d.%d$RtlGetNtVersionNumbers$ntdll.dll
                                                                                • API String ID: 3526623714-3913389002
                                                                                • Opcode ID: 0cb02a60b8e1c99a8802464662302cbf8bae5d1b40f4e59a02e7345a7240e76c
                                                                                • Instruction ID: b3726b1cb2648778241169ccc1adffaf852a43f86d869d9109732ec5c9719373
                                                                                • Opcode Fuzzy Hash: 0cb02a60b8e1c99a8802464662302cbf8bae5d1b40f4e59a02e7345a7240e76c
                                                                                • Instruction Fuzzy Hash: 0221907690061AABDF149FA4CC06BEEBBB8FF05700F000559F911A7281EB795A448B95
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • __CxxThrowException@8.LIBVCRUNTIME ref: 005065A7
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2885107662.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_500000_SecuriteInfo.jbxd
                                                                                Similarity
                                                                                • API ID: Exception@8Throw
                                                                                • String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
                                                                                • API String ID: 2005118841-1866435925
                                                                                • Opcode ID: b590cb04eadf0effa8ce51c7ac83040d8c2f66cdfe3cc0da754b20bb32b2fb2f
                                                                                • Instruction ID: 2dc0b30894fa491be3ebeacb44d19d2d8757b94819cf42a8201a41cbb4b2c719
                                                                                • Opcode Fuzzy Hash: b590cb04eadf0effa8ce51c7ac83040d8c2f66cdfe3cc0da754b20bb32b2fb2f
                                                                                • Instruction Fuzzy Hash: 4921F271900A089FCB24CB98C949F9DBBF4FB09324F808569E9259BAD2D735ED00CB80
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • RtlEnterCriticalSection.NTDLL(?), ref: 0054ACF5
                                                                                • RtlLeaveCriticalSection.NTDLL(?), ref: 0054AD7B
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2885107662.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_500000_SecuriteInfo.jbxd
                                                                                Similarity
                                                                                • API ID: CriticalSection$EnterLeave
                                                                                • String ID: -------log lev change$-------log off
                                                                                • API String ID: 3168844106-1712214923
                                                                                • Opcode ID: 3db401c8c3becfeed4186e4f8cab58910fe7d63b9244247ab0d581c2948212e7
                                                                                • Instruction ID: 020df5f46faf55650c4b3a68b485837db55a96204b6f51cdae90abd68f8058fc
                                                                                • Opcode Fuzzy Hash: 3db401c8c3becfeed4186e4f8cab58910fe7d63b9244247ab0d581c2948212e7
                                                                                • Instruction Fuzzy Hash: 2221B031940A09EBCB11CF54C885BDEBFB4FF05719F004119E80067A90D7756948CBD1
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • SHGetValueW.SHLWAPI(80000002,SOFTWARE\Ludashi,Setup Path,00000001,?,?), ref: 0051EDED
                                                                                • PathFileExistsW.SHLWAPI(?), ref: 0051EDFE
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2885107662.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_500000_SecuriteInfo.jbxd
                                                                                Similarity
                                                                                • API ID: ExistsFilePathValue
                                                                                • String ID: SOFTWARE\Ludashi$Setup Path
                                                                                • API String ID: 3304367237-1541278377
                                                                                • Opcode ID: 349ac059c9537e9cca2c622830dfc724a0d1f33429e7af771ca9247118d4da5f
                                                                                • Instruction ID: 135df2c5f86f1befdb39263fd881416a8c6165cf89f320f4a1af6e8917e9cf40
                                                                                • Opcode Fuzzy Hash: 349ac059c9537e9cca2c622830dfc724a0d1f33429e7af771ca9247118d4da5f
                                                                                • Instruction Fuzzy Hash: 8E114F71A4121DABDB20EF50DC4AFEE77ACFB18304F0041A5A909E7141EB70AE98DA91
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • RtlEnterCriticalSection.NTDLL(005F8928), ref: 00572759
                                                                                • RtlLeaveCriticalSection.NTDLL(005F8928), ref: 00572782
                                                                                • RtlLeaveCriticalSection.NTDLL(005F8928), ref: 005727DB
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2885107662.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_500000_SecuriteInfo.jbxd
                                                                                Similarity
                                                                                • API ID: CriticalSection$Leave$Enter
                                                                                • String ID: GenuineIntel:0f8bfbff
                                                                                • API String ID: 2978645861-3106914364
                                                                                • Opcode ID: e106f4a1de5eba7a23cc98c40f0c7e5ff6fdb70fcb723a87715f088dec1b2bee
                                                                                • Instruction ID: 1cbeb9a73384c3f67a9ee4801e4f59539818130496758e2acfb856cb819c6bbb
                                                                                • Opcode Fuzzy Hash: e106f4a1de5eba7a23cc98c40f0c7e5ff6fdb70fcb723a87715f088dec1b2bee
                                                                                • Instruction Fuzzy Hash: CB01F936700248ABDB010E68BD48FB57F58FB86720F048125FA4C5B241DA7D9949E3A1
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2885107662.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_500000_SecuriteInfo.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID: %s\%s.tf$@olu Fju${%08X-%04X-%04x-%02X%02X-%02X%02X%02X%02X%02X%02X}
                                                                                • API String ID: 0-12613160
                                                                                • Opcode ID: 7fc994ca8fcb46289d54d2a116e08a8c5e0ec401dacc53652a7ddfbef5e89c35
                                                                                • Instruction ID: 6c00d8fa9448e7a5daa45cdca79fb04d849b7e7abce940270ba1bce25abf4524
                                                                                • Opcode Fuzzy Hash: 7fc994ca8fcb46289d54d2a116e08a8c5e0ec401dacc53652a7ddfbef5e89c35
                                                                                • Instruction Fuzzy Hash: FA8180719002299FDB25DB68CC45BEABBBCAF49710F1441D9F518A72C1D734AB84CF61
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • MultiByteToWideChar.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,00000100,?,?,?,?,?,?,?,?), ref: 00610B10
                                                                                • _malloc.LIBCMT ref: 00610B49
                                                                                  • Part of subcall function 0060F82F: __FF_MSGBANNER.LIBCMT ref: 0060F852
                                                                                  • Part of subcall function 0060F82F: __NMSG_WRITE.LIBCMT ref: 0060F859
                                                                                  • Part of subcall function 0060F82F: RtlAllocateHeap.NTDLL(00000000,0060C990), ref: 0060F8A6
                                                                                • MultiByteToWideChar.KERNEL32(?,00000001,?,?,?,00000000,?,?), ref: 00610B7C
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2885557605.00000000005FA000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_500000_SecuriteInfo.jbxd
                                                                                Similarity
                                                                                • API ID: ByteCharMultiWide$AllocateHeap_malloc
                                                                                • String ID:
                                                                                • API String ID: 1306061670-0
                                                                                • Opcode ID: 810fdbed1d839481bc36fcdd7c43b4b0826860d3fad792135c0ceb6ae2764f3b
                                                                                • Instruction ID: 14b4e3d712cd4e7edd81cf32e95b0be1e9820af3835e5366556bafa7f74f3416
                                                                                • Opcode Fuzzy Hash: 810fdbed1d839481bc36fcdd7c43b4b0826860d3fad792135c0ceb6ae2764f3b
                                                                                • Instruction Fuzzy Hash: 41516971900249AFEF10EFA8DC818EE7BA6FF48304B184A29F915A7251D7B1DDD0CB90
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • __EH_prolog3_GS.LIBCMT ref: 00548934
                                                                                • std::locale::locale.LIBCPMT ref: 00548961
                                                                                  • Part of subcall function 00546B18: __EH_prolog3.LIBCMT ref: 00546B1F
                                                                                  • Part of subcall function 00546B18: std::_Lockit::_Lockit.LIBCPMT ref: 00546B29
                                                                                  • Part of subcall function 00546B18: int.LIBCPMT ref: 00546B40
                                                                                  • Part of subcall function 00546B18: std::locale::_Getfacet.LIBCPMT ref: 00546B49
                                                                                  • Part of subcall function 00546B18: std::_Lockit::~_Lockit.LIBCPMT ref: 00546B9A
                                                                                • std::locale::locale.LIBCPMT ref: 00548A7C
                                                                                • __Stolx.LIBCPMT ref: 00548AD2
                                                                                  • Part of subcall function 00549522: __Stoulx.LIBCPMT ref: 00549565
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2885107662.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_500000_SecuriteInfo.jbxd
                                                                                Similarity
                                                                                • API ID: Lockitstd::_std::locale::locale$GetfacetH_prolog3H_prolog3_Lockit::_Lockit::~_StolxStoulxstd::locale::_
                                                                                • String ID:
                                                                                • API String ID: 57475620-0
                                                                                • Opcode ID: c8efe6dfeb091be35f4f4b54967369bc6a6681ae6498d0ef36048de0ad0d5760
                                                                                • Instruction ID: c28e44f78bc31e9db1ad1f460d1e0bae61d65962080048f46928fe577cfaceac
                                                                                • Opcode Fuzzy Hash: c8efe6dfeb091be35f4f4b54967369bc6a6681ae6498d0ef36048de0ad0d5760
                                                                                • Instruction Fuzzy Hash: 7661577180120EDFCF15DFA4C989AEDBFB8BF05318F14405AE805AB292DB70AA49CB51
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • RegOpenKeyExW.ADVAPI32(A0E3A5EF,?,00000000,000F003F,00000000), ref: 00543201
                                                                                • RegQueryValueExW.ADVAPI32(00000000,?,00000000,?,00000000,?), ref: 00543227
                                                                                • RegQueryValueExW.ADVAPI32(00000000,?,00000000,00000000,00000000,00000000), ref: 00543275
                                                                                • RegCloseKey.ADVAPI32(00000000), ref: 005432CF
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2885107662.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_500000_SecuriteInfo.jbxd
                                                                                Similarity
                                                                                • API ID: QueryValue$CloseOpen
                                                                                • String ID:
                                                                                • API String ID: 1586453840-0
                                                                                • Opcode ID: 7fc1f32a9cb94b4a6fadd777fb9e4e1beb0a2599ca6ad15d5fe01721421d4a85
                                                                                • Instruction ID: 24af136d22ae43f8edfa6d68ed6a9569147e2244f73b2343c708a65a9b0b2e1b
                                                                                • Opcode Fuzzy Hash: 7fc1f32a9cb94b4a6fadd777fb9e4e1beb0a2599ca6ad15d5fe01721421d4a85
                                                                                • Instruction Fuzzy Hash: CB41B375A0020A9BDB14DF64CC49BFEBBB8FF44314F144119F901A7291EBB5AE00CBA1
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2885107662.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_500000_SecuriteInfo.jbxd
                                                                                Similarity
                                                                                • API ID:
                                                                                • String ID:
                                                                                • API String ID:
                                                                                • Opcode ID: e2889f076ecaef2998e9b1e61cdd9e40ea48db5cfdd4d55ece4eeec55d3d7160
                                                                                • Instruction ID: c8cb521478387a41a55127c1775d48ca7d7a54ae0af9dd9a372a5a2e1c296458
                                                                                • Opcode Fuzzy Hash: e2889f076ecaef2998e9b1e61cdd9e40ea48db5cfdd4d55ece4eeec55d3d7160
                                                                                • Instruction Fuzzy Hash: 7041D771A40709AFDB24AF78C845FAA7FE9FBC9710F10852AF155DB281D771AD028B90
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • TlsGetValue.KERNEL32(0060C99F,?,0060F918,?,0060F8E8,0060C99F,?,?,0060C99F,?), ref: 0060EE87
                                                                                • TlsGetValue.KERNEL32(00000005,?,0060F918,?,0060F8E8,0060C99F,?,?,0060C99F,?), ref: 0060EE9E
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2885557605.00000000005FA000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                                                Similarity
                                                                                • API ID: Value
                                                                                • String ID: DecodePointer$KERNEL32.DLL
                                                                                • API String ID: 3702945584-629428536
                                                                                • Opcode ID: e9acc7c6486383c0b18918ac875340f3fa7f4d4a3cbeb0ab80ea02d6ab6b3d49
                                                                                • Instruction ID: db9dc39fc6f813bc6584ff7ee931ed920778a2b47c9dafb1cf32c1c476291773
                                                                                • Opcode Fuzzy Hash: e9acc7c6486383c0b18918ac875340f3fa7f4d4a3cbeb0ab80ea02d6ab6b3d49
                                                                                • Instruction Fuzzy Hash: 33F04F7058152E7ADB286B29DC45DEB3AAF9F813A071C8525BC18D62F4DB23DD8186E0
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2885107662.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                                                Similarity
                                                                                • API ID: DeleteObject$Select
                                                                                • String ID:
                                                                                • API String ID: 207189511-0
                                                                                • Opcode ID: c5f8c5c06d354e3a9096fdef9e5f1366b4a0fa320bbb06a406d6cddc653ba8cc
                                                                                • Instruction ID: a03d8b2a999151fe6966545d08a72277533ae4691c6fff1ee5a59ae4b7deec8d
                                                                                • Opcode Fuzzy Hash: c5f8c5c06d354e3a9096fdef9e5f1366b4a0fa320bbb06a406d6cddc653ba8cc
                                                                                • Instruction Fuzzy Hash: 19F0E771204506BFE7108F6AED49EA7BFBDFF98750B144215F404C2610DB75E8A4DBA0
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2885557605.00000000005FA000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                                                Similarity
                                                                                • API ID: _memset
                                                                                • String ID: <$GET
                                                                                • API String ID: 2102423945-427699995
                                                                                • Opcode ID: 5b4f40215483bff808af92430d5f727f9d52696589d73f00b360a779ee4ad1d3
                                                                                • Instruction ID: a374706de0f2fee4b21822e51ae3dbcc602e126b68928ae09a69874d4152440f
                                                                                • Opcode Fuzzy Hash: 5b4f40215483bff808af92430d5f727f9d52696589d73f00b360a779ee4ad1d3
                                                                                • Instruction Fuzzy Hash: BDC1A2F0D40219ABDF24DBA4DC49BEFBBB9EF44710F044469FA05A7281DB789945CBA0
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • __startOneArgErrorHandling.LIBCMT ref: 0058939D
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2885107662.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                                                Similarity
                                                                                • API ID: ErrorHandling__start
                                                                                • String ID: pow
                                                                                • API String ID: 3213639722-2276729525
                                                                                • Opcode ID: ddba5acfcd84caee06b1e7c69400382933b976890823dbf01f7b1114e01fcdee
                                                                                • Instruction ID: b87def18ba658a3bd1c29df450b638d89ed43a6fbae6268ebe9d81246e05b33d
                                                                                • Opcode Fuzzy Hash: ddba5acfcd84caee06b1e7c69400382933b976890823dbf01f7b1114e01fcdee
                                                                                • Instruction Fuzzy Hash: 1A518BA1A09602D6DF117B18C9053793FA4FB90710F384D58F895912F9EF348E89EB86
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2885107662.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                                                Similarity
                                                                                • API ID: _wcsstr
                                                                                • String ID: -------log full reset failed. $:%s
                                                                                • API String ID: 1512112989-665111642
                                                                                • Opcode ID: 1c4f9c3167c5c127b5c9f05485b5b600c3b5f7bee690a61b0095c3996df6d320
                                                                                • Instruction ID: a5f6fea58dfbb489ae7f9ab6798d86f27e318a93b6b472e788e686f633c706bc
                                                                                • Opcode Fuzzy Hash: 1c4f9c3167c5c127b5c9f05485b5b600c3b5f7bee690a61b0095c3996df6d320
                                                                                • Instruction Fuzzy Hash: B951E175A0020A9FDB15DFA8D849BDEBFB5FF84318F044158E805EB391EB75A940CB92
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • __CxxThrowException@8.LIBVCRUNTIME ref: 0051AD41
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2885107662.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                                                Similarity
                                                                                • API ID: Exception@8Throw
                                                                                • String ID: lkZ$tkZ
                                                                                • API String ID: 2005118841-2968855423
                                                                                • Opcode ID: ce5a360bc65b389e2eb72048d52704710912cd1cfefb0c1a26c38a639f3602e1
                                                                                • Instruction ID: de462b63fb7cd456942be5e562c1f024487926e4606620ff29b24f809c7b5545
                                                                                • Opcode Fuzzy Hash: ce5a360bc65b389e2eb72048d52704710912cd1cfefb0c1a26c38a639f3602e1
                                                                                • Instruction Fuzzy Hash: D7516D74501246DBEB05DFA8C19979DBFE4FF55304F1840ACD8499F282CBB59A48CBA2
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • RtlEnterCriticalSection.NTDLL(?), ref: 005364BD
                                                                                • RtlLeaveCriticalSection.NTDLL(?), ref: 005365F5
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2885107662.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                                                Similarity
                                                                                • API ID: CriticalSection$EnterLeave
                                                                                • String ID: PNG
                                                                                • API String ID: 3168844106-364855578
                                                                                • Opcode ID: 64f6eb560038c44dd62b60ed7fbb0c22eb2c34d0fc0d1fd82dfae31dd4a0799a
                                                                                • Instruction ID: 73d786f7b94b96771e8d7785bbaf5e554ceee90156723615fab133c5c701fbc6
                                                                                • Opcode Fuzzy Hash: 64f6eb560038c44dd62b60ed7fbb0c22eb2c34d0fc0d1fd82dfae31dd4a0799a
                                                                                • Instruction Fuzzy Hash: BA518970A01B06EFD725CF24C495B69BBF0FF48714F14826DD80A8BA91EB70A945CF90
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2885557605.00000000005FA000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                                                Similarity
                                                                                • API ID: _memcpy_sstd::exception::exception
                                                                                • String ID: Q`
                                                                                • API String ID: 703563578-170105297
                                                                                • Opcode ID: 873c96fee48177dd28987e319993540a7a0d9f26400af331b404dcd4531df36b
                                                                                • Instruction ID: 08b2d7dae977de49668654cfa344c268af2dd43ebd702965170372f209da6340
                                                                                • Opcode Fuzzy Hash: 873c96fee48177dd28987e319993540a7a0d9f26400af331b404dcd4531df36b
                                                                                • Instruction Fuzzy Hash: 6241C7B1940A05AFCB08DF68C8919AFB7B6FF44310B50866DE42797681D770AA14CBD1
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2885107662.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_500000_SecuriteInfo.jbxd
                                                                                Similarity
                                                                                • API ID: _wcsrchr
                                                                                • String ID: (^Z
                                                                                • API String ID: 1752292252-1721304698
                                                                                • Opcode ID: 2e282333248e8dca5dab4308d149cad602558b8392e749d0e2a720990eeaaa9a
                                                                                • Instruction ID: cf070dfd65b1434ec129570c1f6d5558ebb8b4fdb2d48dd2afe641304f6866f0
                                                                                • Opcode Fuzzy Hash: 2e282333248e8dca5dab4308d149cad602558b8392e749d0e2a720990eeaaa9a
                                                                                • Instruction Fuzzy Hash: 3E310836B04905AFDB149F18DC45B6EBB99FB84725F00466AED18977C0EB71AD44CBC0
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • __floor_pentium4.LIBCMT ref: 0053749D
                                                                                  • Part of subcall function 0050B680: RtlEnterCriticalSection.NTDLL(005CC130), ref: 0050B6B1
                                                                                  • Part of subcall function 0050B680: RtlLeaveCriticalSection.NTDLL(005CC130), ref: 0050B6F3
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2885107662.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_500000_SecuriteInfo.jbxd
                                                                                Similarity
                                                                                • API ID: CriticalSection$EnterLeave__floor_pentium4
                                                                                • String ID: &ex_ary[v]=%d$ldsdownload
                                                                                • API String ID: 3840613466-1963701029
                                                                                • Opcode ID: 57ef38953ca30fdf96630c43198b7aeb10f50306e65e4c321b9ce16b51e54672
                                                                                • Instruction ID: 52adfe4a11cd2c0c9fd8ad96b727a9d730ab68415c256576486ab6c25f564178
                                                                                • Opcode Fuzzy Hash: 57ef38953ca30fdf96630c43198b7aeb10f50306e65e4c321b9ce16b51e54672
                                                                                • Instruction Fuzzy Hash: 5C310671904609EFCB14EF64D886BADFFB8FF59310F108129F845A7681DB31AA08C7A1
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • RtlEnterCriticalSection.NTDLL(?), ref: 0054A444
                                                                                • RtlLeaveCriticalSection.NTDLL(?), ref: 0054A4AB
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2885107662.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_500000_SecuriteInfo.jbxd
                                                                                Similarity
                                                                                • API ID: CriticalSection$EnterLeave
                                                                                • String ID: -------log reset
                                                                                • API String ID: 3168844106-358773479
                                                                                • Opcode ID: e8f521b6e5c3f4b9f0e8df18e6ddb44fd2d8737cc878afc5505204b8e303d091
                                                                                • Instruction ID: 62d29eee86e6e1a9542be55655706b99330bf84fdc4f19788db37339081c256c
                                                                                • Opcode Fuzzy Hash: e8f521b6e5c3f4b9f0e8df18e6ddb44fd2d8737cc878afc5505204b8e303d091
                                                                                • Instruction Fuzzy Hash: 1421CA31A01A05ABCB10CF58C948FDEBFB4FF49724F004159E905AB7A0EBB5A908CB91
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • RtlEnterCriticalSection.NTDLL(?), ref: 0054ADD4
                                                                                • RtlLeaveCriticalSection.NTDLL(?), ref: 0054AE3F
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2885107662.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_500000_SecuriteInfo.jbxd
                                                                                Similarity
                                                                                • API ID: CriticalSection$EnterLeave
                                                                                • String ID: -------log end
                                                                                • API String ID: 3168844106-4272336324
                                                                                • Opcode ID: 39d86f2d2fac5b639ec79c8c2ee3413662e9de512d9cb0dfaa174db9d96a7e6a
                                                                                • Instruction ID: 897457920498bf9fedafdbccdbae21b2546f7ab369a7fa8a2470f694ec4b0971
                                                                                • Opcode Fuzzy Hash: 39d86f2d2fac5b639ec79c8c2ee3413662e9de512d9cb0dfaa174db9d96a7e6a
                                                                                • Instruction Fuzzy Hash: B221AC31900645EBCB11CF54C848FDEBFB8FF49B18F044119E915AB690DBB5AA49CB90
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                  • Part of subcall function 0060E226: __getptd.LIBCMT ref: 0060E22C
                                                                                  • Part of subcall function 0060E226: __getptd.LIBCMT ref: 0060E23C
                                                                                • __getptd.LIBCMT ref: 00612BDA
                                                                                  • Part of subcall function 0060F0C1: __amsg_exit.LIBCMT ref: 0060F0D1
                                                                                • __getptd.LIBCMT ref: 00612BE8
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2885557605.00000000005FA000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_500000_SecuriteInfo.jbxd
                                                                                Similarity
                                                                                • API ID: __getptd$__amsg_exit
                                                                                • String ID: csm
                                                                                • API String ID: 1969926928-1018135373
                                                                                • Opcode ID: 19a090d337b5289cb2aa2f64d74c49aadee50cee4b888bae0250ae30ba76a082
                                                                                • Instruction ID: 1ab2ba1892705fdae4bc336c3be672642673e6062188adbf6ea33f3ab62a1cad
                                                                                • Opcode Fuzzy Hash: 19a090d337b5289cb2aa2f64d74c49aadee50cee4b888bae0250ae30ba76a082
                                                                                • Instruction Fuzzy Hash: AC016D358402468ACFBC9F25C460AEEB7B7AF10311F18482EE541567A2CB31DEE0CBD5
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • GetProcAddress.KERNEL32(00000000,Netbios), ref: 00572FC7
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2885107662.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_500000_SecuriteInfo.jbxd
                                                                                Similarity
                                                                                • API ID: AddressProc
                                                                                • String ID: Netapi32.dll$Netbios
                                                                                • API String ID: 190572456-3142203730
                                                                                • Opcode ID: b190a3b54afcbc19a39fe5180ecdd3bdf282bb9df2462cf34a10a2bf87356c47
                                                                                • Instruction ID: 7cb275f2d4016ad9213916d81a3146f6c60bb9b51861c59ecc1a316148918d88
                                                                                • Opcode Fuzzy Hash: b190a3b54afcbc19a39fe5180ecdd3bdf282bb9df2462cf34a10a2bf87356c47
                                                                                • Instruction Fuzzy Hash: BDF0E5B67453016F9F085B20BC27E7A3BA8B660705F00912CF80ED3214FB25A805F600
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • RtlEnterCriticalSection.NTDLL(005F76D0), ref: 005268AB
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2885107662.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_500000_SecuriteInfo.jbxd
                                                                                Similarity
                                                                                • API ID: CriticalEnterSection
                                                                                • String ID: dxZ$v_
                                                                                • API String ID: 1904992153-587812462
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • GetProcAddress.KERNEL32(00000000), ref: 00503161
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2885107662.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_500000_SecuriteInfo.jbxd
                                                                                Similarity
                                                                                • API ID: AddressProc
                                                                                • String ID: Thread32Next$kernel32
                                                                                • API String ID: 190572456-160946298
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • GetProcAddress.KERNEL32(00000000), ref: 00503121
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2885107662.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_500000_SecuriteInfo.jbxd
                                                                                Similarity
                                                                                • API ID: AddressProc
                                                                                • String ID: CreateToolhelp32Snapshot$kernel32
                                                                                • API String ID: 190572456-1978853013
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%

                                                                                APIs
                                                                                • GetProcAddress.KERNEL32(00000000), ref: 00503141
                                                                                Strings
                                                                                Memory Dump Source
                                                                                • Source File: 00000000.00000002.2885107662.0000000000501000.00000020.00000001.01000000.00000003.sdmp, Offset: 00500000, based on PE: true
                                                                                Joe Sandbox IDA Plugin
                                                                                • Snapshot File: hcaresult_0_2_500000_SecuriteInfo.jbxd
                                                                                Similarity
                                                                                • API ID: AddressProc
                                                                                • String ID: Thread32First$kernel32
                                                                                • API String ID: 190572456-3474519427
                                                                                Uniqueness

                                                                                Uniqueness Score: -1.00%